By default, CKFinder handles some types of resources. The following article describes their default configuration as well as various customization options.
Default Resource Types
There are three built-in resource types in CKFinder: files, images, and Flash objects. They appear in the config.cfm file as presented below with their default options:
config.resourceType[1] = structNew();
config.resourceType[1].name = 'Files';
config.resourceType[1].url = config.baseUrl & 'files';
config.resourceType[1].directory = config.baseDir & 'files';
config.resourceType[1].maxSize = 0;
config.resourceType[1].allowedExtensions = '7z,aiff,asf,avi,bmp,csv,doc,fla,flv,gif,gz,gzip,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,ppt,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xml,zip';
config.resourceType[1].deniedExtensions = '';

config.resourceType[2] = structNew();
config.resourceType[2].name = 'Images';
config.resourceType[2].url = config.baseUrl & 'images';
config.resourceType[2].directory = config.baseDir & 'images';
config.resourceType[2].maxSize = 0;
config.resourceType[2].allowedExtensions = 'bmp,gif,jpeg,jpg,png';
config.resourceType[2].deniedExtensions = '';

config.resourceType[3] = structNew();
config.resourceType[3].name = 'Flash';
config.resourceType[3].url = config.baseUrl & 'flash';
config.resourceType[3].directory = config.baseDir & 'flash';
config.resourceType[3].maxSize = 0;
config.resourceType[3].allowedExtensions = 'swf,flv';
config.resourceType[3].deniedExtensions = '';
Files with the swf extension, just like HTML files, can be used to execute JavaScript code (and, for example, to perform an XSS attack). Grant permission to upload .swf files only if you understand and can accept this risk.

These resources will be enabled by default if this option:
config.defaultResourceTypes = '';
is left empty. You may specify which resource types you want to use by placing their names separated by a comma.
Resource Type Options
For each resource type you may set several options to configure its behavior.
- url and directory – define the base URL address and the server directory used to handle and publish the files for this resource type. They follow the same rules as defined in the Quick Start section for the baseUrl and baseDir settings.
- maxSize – is the maximum size of the uploaded image defined in bytes. You may also use shorthand notation. Available options are: G, M, K (case insensitive). Remember that 1M equals 1048576 bytes (one Megabyte), 1K equals 1024 bytes (one Kilobyte), 1G equals 1 Gigabyte.
  Example:
  'maxSize' = "8M",
You can use the following settings to list the file extensions that can be uploaded to the server:
- allowedExtensions – the file extensions you wish to be allowed for upload with CKFinder. If left empty, only deniedExtensions is used to check uploads. The NO_EXT value can be used for enabling files without an extension.
- deniedExtensions – the file extensions you do not wish to be uploaded with CKFinder. The NO_EXT value can be used for denying files without an extension.
allowedExtensions setting, in favor of deniedExtensions. If you leave allowedExtensions empty and you add an extension to the deniedExtensions list, for example pdf, the settings will allow the upload of all other files except the files with the pdf extension. This approach is not a good way to secure your server from unwanted uploads. The best way is to put all of the preferred extensions in the allowedExtensions list. This is the only way to effectively secure your server from hacker attacks.
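
The difference between the two approaches, as an added example: a Python model of the allowedExtensions and deniedExtensions rules described above, not CKFinder's own code. It assumes case-insensitive matching on the last extension of the file name; the function names and sample file names are constructed for illustration.

```python
# Model of the extension rules described on this page (added example,
# not CKFinder's implementation). Assumption: matching is case-insensitive
# and only the text after the last dot counts as the extension.

NO_EXT = "no_ext"  # lower-cased form of the NO_EXT keyword


def parse_list(csv):
    """Split a comma-separated extension list into a lower-case set."""
    return {item.strip().lower() for item in csv.split(",") if item.strip()}


def extension_of(filename):
    """Return the lower-cased extension, or NO_EXT when there is none."""
    _, dot, ext = filename.rpartition(".")
    return ext.lower() if dot and ext else NO_EXT


def is_upload_allowed(filename, allowed_csv, denied_csv):
    """Apply deniedExtensions first, then allowedExtensions if it is set."""
    allowed, denied = parse_list(allowed_csv), parse_list(denied_csv)
    ext = extension_of(filename)
    if ext in denied:
        return False
    # Empty allowedExtensions: only deniedExtensions is consulted,
    # so every extension that is not listed there gets through.
    return not allowed or ext in allowed


# Constructed sample uploads.
SAMPLE_UPLOADS = ["report.pdf", "photo.JPG", "banner.swf",
                  "page.html", "archive.xyz", "README"]

# The setup the page warns against: empty allowlist, pdf denied.
DENYLIST_ONLY = {"allowed": "", "denied": "pdf"}
# The default Images resource type from config.cfm.
ALLOWLIST = {"allowed": "bmp,gif,jpeg,jpg,png", "denied": ""}


def accepted(policy):
    """Return the sample uploads that a policy lets through."""
    return [name for name in SAMPLE_UPLOADS
            if is_upload_allowed(name, policy["allowed"], policy["denied"])]


if __name__ == "__main__":
    print("denylist only:", accepted(DENYLIST_ONLY))
    print("allowlist:    ", accepted(ALLOWLIST))
```

With the denylist-only policy everything except report.pdf is accepted, including the .swf and .html files; with the allowlist only photo.JPG is.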