By default, CKFinder handles some types of resources. The following article describes their default configuration as well as various customization options.
Default Resource Types
There are three built-in resource types in CKFinder: files, images, and Flash objects. They appear in the config.cfm file as presented below with their default options:
// Resource type 1: Files
config.resourceType[1] = structNew();
config.resourceType[1].name = 'Files';
config.resourceType[1].url = config.baseUrl & 'files';
config.resourceType[1].directory = config.baseDir & 'files';
config.resourceType[1].maxSize = 0;
config.resourceType[1].allowedExtensions = '7z,aiff,asf,avi,bmp,csv,doc,fla,flv,gif,gz,gzip,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,ppt,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xml,zip';
config.resourceType[1].deniedExtensions = '';

// Resource type 2: Images
config.resourceType[2] = structNew();
config.resourceType[2].name = 'Images';
config.resourceType[2].url = config.baseUrl & 'images';
config.resourceType[2].directory = config.baseDir & 'images';
config.resourceType[2].maxSize = 0;
config.resourceType[2].allowedExtensions = 'bmp,gif,jpeg,jpg,png';
config.resourceType[2].deniedExtensions = '';

// Resource type 3: Flash
config.resourceType[3] = structNew();
config.resourceType[3].name = 'Flash';
config.resourceType[3].url = config.baseUrl & 'flash';
config.resourceType[3].directory = config.baseDir & 'flash';
config.resourceType[3].maxSize = 0;
config.resourceType[3].allowedExtensions = 'swf,flv';
config.resourceType[3].deniedExtensions = '';
Files with the swf extension, just like HTML files, can be used to execute JavaScript code (and, for example, to perform an XSS attack). Grant permission to upload .swf files only if you understand and can accept this risk.
These resource types will be enabled by default if this option:
config.defaultResourceTypes = '';
is left empty. To use only some resource types, list their names in this option, separated by commas.
Resource Type Options
For each resource type you may set several options to configure its behavior.
- url and directory – define the base URL address and the server directory used to handle and publish the files for this resource type. They follow the same rules as defined in the Quick Start section for the baseUrl and baseDir settings.
- maxSize – the maximum size of the uploaded image, defined in bytes. You may also use shorthand notation. Available options are: G, M, K (case insensitive). Remember that 1M equals 1048576 bytes (one megabyte), 1K equals 1024 bytes (one kilobyte), and 1G equals 1 gigabyte.
  Example:
  config.resourceType[1].maxSize = "8M";
You can use the following settings to list the file extensions that can be uploaded to the server:
- allowedExtensions – the file extensions you wish to be allowed for upload with CKFinder. If left empty, only deniedExtensions is used to check uploads. The NO_EXT value can be used for enabling files without an extension.
- deniedExtensions – the file extensions you do not wish to be uploaded with CKFinder. The NO_EXT value can be used for denying files without an extension.
It is recommended to use the allowedExtensions setting in favor of deniedExtensions. If you leave allowedExtensions empty and add an extension to the deniedExtensions list, for example pdf, the settings will allow the upload of every file except those with the pdf extension. This approach is not a good way to secure your server from unwanted uploads. The best way is to put all of the preferred extensions in the allowedExtensions list. This is the only way to effectively secure your server from hacker attacks.
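The difference between the two approaches, as an added example that models the rules described above and is not CKFinder's own code. It assumes case-insensitive matching on the last extension and that a file must pass both lists when both are set; the function names and sample file names are constructed for illustration.

```python
# Model of the allowedExtensions / deniedExtensions rules described above.
# Added illustration, not CKFinder's implementation.

NO_EXT = "no_ext"  # internal, lower-cased form of the NO_EXT config value


def _parse(csv):
    """Split a comma-separated extension list, ignoring case and stray spaces."""
    return {e.strip().lower() for e in csv.split(",") if e.strip()}


def extension_of(filename):
    """Return the lower-cased last extension, or NO_EXT when there is none."""
    stem, dot, ext = filename.rpartition(".")
    return ext.lower() if dot and stem and ext else NO_EXT


def upload_allowed(filename, allowed_csv, denied_csv):
    allowed, denied = _parse(allowed_csv), _parse(denied_csv)
    ext = extension_of(filename)
    if ext in denied:
        return False
    # Empty allowedExtensions: only the deny list is consulted (per the page).
    return not allowed or ext in allowed


# The page's deny-list example: allowedExtensions empty, pdf denied.
DENYLIST_ONLY = {"allowed": "", "denied": "pdf"}
# The default Images resource type: explicit allow list.
ALLOWLIST = {"allowed": "bmp,gif,jpeg,jpg,png", "denied": ""}

# Constructed sample upload names.
SAMPLE_UPLOADS = ["report.pdf", "photo.PNG", "page.html", "movie.swf", "README"]


def accepted(cfg):
    """List the sample uploads that a configuration would let through."""
    return [f for f in SAMPLE_UPLOADS
            if upload_allowed(f, cfg["allowed"], cfg["denied"])]


if __name__ == "__main__":
    print("deny list only:", accepted(DENYLIST_ONLY))
    print("allow list    :", accepted(ALLOWLIST))
```

With the deny list alone, everything except the pdf is accepted, including the html and swf files the warning above is about; with the allow list, only the image is.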