By deafult, CKFinder handles some types of resources. The following articles describes their default configuration as well as various customization options.

Default Resource Types

There are three built-in resources types in CKFinder: files, images, and Flash objects. They appear in the configuration file as presented below with their default options:

ResourceType type;

type = ResourceType.Add( "Files" );
type.Url = BaseUrl + "files/";
type.Dir = BaseDir == "" ? "" : BaseDir + "files/";
type.MaxSize = 0;
type.AllowedExtensions = new string[] { "7z", "aiff", "asf", "avi", "bmp", "csv", "doc", "fla", "flv", "gif", "gz", "gzip",
"jpeg", "jpg", "mid", "mov", "mp3", "mp4", "mpc", "mpeg", "mpg", "ods", "odt", "pdf", "png", "ppt", "qt", "ram", "rar",
"rm", "rmi", "rmvb", "rtf", "sdc", "swf", "sxc", "sxw", "tar", "tgz", "tif", "tiff", "txt", "vsd", "wav", "wma", "wmv",
"xls", "zip" };
type.DeniedExtensions = new string[] { };

type = ResourceType.Add( "Images" );
type.Url = BaseUrl + "images/";
type.Dir = BaseDir == "" ? "" : BaseDir + "images/";
type.MaxSize = 0;
type.AllowedExtensions = new string[] { "bmp", "gif", "jpeg", "jpg", "png" };
type.DeniedExtensions = new string[] { };

type = ResourceType.Add( "Flash" );
type.Url = BaseUrl + "flash/";
type.Dir = BaseDir == "" ? "" : BaseDir + "flash/";
type.MaxSize = 0;
type.AllowedExtensions = new string[] { "swf", "flv" };
type.DeniedExtensions = new string[] { };

Flash files with swf extension, just like HTML files, can be used to execute JavaScript code (and to e.g. perform an XSS attack). Grant permission to upload .swf files only if you understand and can accept this risk.

Defining DefaultResourceTypes

When opening CKFinder, you may specify which Resource Type to make visible by appending ?type=<TypeName> to the CKFinder URL. If instead the type is not passed in the URL, the DefaultResourceTypes setting will be used to identify which Resource Types to load. If blank, all Resource Types will be displayed. For example:

// Show all Resource Types:
DefaultResourceTypes = "";

// Show the "Images" and "Files" Resource Types only (separated by comma):
DefaultResourceTypes = "Images,Files";

Resource Type Options

For each resource type you may set several options to precisely configure its behavior.

Url and Dir

Define the base URL address and the server directory to use to handle and publish the files for this Resource Type. They follow the same rules as defined in the Quick Start section for the BaseUrl and BaseDir settings.

MaxSize

It's the maximum size allowed for uploaded file defined in Bytes.

AllowedExtensions and DeniedExtensions

You can use this settings to list the file extensions that can be upload to the server.

• AllowedExtensions - the extensions you wish CKFinder to use. If left empty, only DeniedExtensions is used to check uploads. NO_EXT value can be used for files without extension.
• DeniedExtensions - the extensions you don't wish the CKFinder to use. NO_EXT value can be used for files without extension.

Important: It is recommended to always use the AllowedExtensions setting, in favor of DeniedExtensions. If you leave AllowedExtensions empty and you define an extension in DeniedExtensions, for example "pdf", it will allow the upload of all the other files except the files with the "pdf" extension. However it isn't a good way to secure your server from unwanted uploads. The best way is to put all of the preferred extensions in AllowedExtensions. That's the only way to effectively secure your server from hacker's attacks.