Handling Built-in Resource Types

This website contains links to software which is either no longer maintained or will be supported only until the end of 2019 (CKFinder 2). For the latest documentation about current CKSource projects, including software like CKEditor 4/CKEditor 5, CKFinder 3, Cloud Services, Letters, Accessibility Checker, please visit the new documentation website.

If you look for an information about very old versions of CKEditor, FCKeditor and CKFinder check also the CKEditor forum, which was closed in 2015. If not, please head to StackOverflow for support.

By deafult, CKFinder handles some types of resources. The following articles describes their default configuration as well as various customization options.

Default Resource Types

There are three built-in resources types in CKFinder: files, images, and Flash objects. They appear in the config.cfm file as presented below with their default options:

config.resourceType[1] = structNew();
config.resourceType[1].name = 'Files';
config.resourceType[1].url = config.baseUrl & 'files';
config.resourceType[1].directory = config.baseDir & 'files';
config.resourceType[1].maxSize = 0;
config.resourceType[1].allowedExtensions = '7z,aiff,asf,avi,bmp,csv,doc,fla,flv,gif,gz,gzip,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,
mpg,ods,odt,pdf,png,ppt,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xml,zip';
config.resourceType[1].deniedExtensions = '';

config.resourceType[2] = structNew();
config.resourceType[2].name = 'Images';
config.resourceType[2].url = config.baseUrl & 'images';
config.resourceType[2].directory = config.baseDir & 'images';
config.resourceType[2].maxSize = 0;
config.resourceType[2].allowedExtensions = 'bmp,gif,jpeg,jpg,png';
config.resourceType[2].deniedExtensions = '';

config.resourceType[3] = structNew();
config.resourceType[3].name = 'Flash';
config.resourceType[3].url = config.baseUrl & 'flash';
config.resourceType[3].directory = config.baseDir & 'flash';
config.resourceType[3].maxSize = 0;
config.resourceType[3].allowedExtensions = 'swf,flv';
config.resourceType[3].deniedExtensions = '';
important note
Flash files with swf extension, just like HTML files, can be used to execute JavaScript code (and to e.g. perform an XSS attack). Grant permission to upload .swf files only if you understand and can accept this risk.

These resources will be enabled by default if this option:

config.defaultResourceTypes = '';

is left empty. You may specify which resource types you want to use by placing their names separated by a comma.

Resource Type Options

For each resource type you may set several options to configure its behavior.

  • url and directory – define the base URL address and the server directory used to handle and publish the files for this resource type. They follow the same rules as defined in the Quick Start section for the baseUrl and baseDir settings.
  • maxSize – is the maximum size of the uploaded image defined in bytes. You may also use shorthand notation. Available options are: G, M, K (case insensitive). Remember that 1M equals 1048576 bytes (one Megabyte), 1K equals 1024 bytes (one Kilobyte), 1G equals 1 Gigabyte.
    Example
    'maxSize' = "8M",

You can use the following settings to list the file extensions that can be upload to the server:

  • allowedExtensions – the file extensions you wish to be allowed for upload with CKFinder. If left empty, only deniedExtensions is used to check uploads. The NO_EXT value can be used for enabling files without an extension.
  • deniedExtensions – the file extensions you do not wish to be uploaded with CKFinder. The NO_EXT value can be used for denying files without an extension.
important note
Important: It is recommended to always use the allowedExtensions setting, in favor of deniedExtensions. If you leave allowedExtensions empty and you add an extension to the deniedExtensions list, for example pdf, the settings will allow the upload of all other files except the files with the pdf extension. This approach is not a good way to secure your server from unwanted uploads. The best way is to put all of the preferred extensions in the allowedExtensions list. This is the only way to effectively secure your server from hacker attacks.
This page was last edited on 4 September 2019, at 09:46.