By deafult, CKFinder handles some types of resources. The following articles describes their default configuration as well as various customization options.
Default Resource Types
There are three built-in resources types in CKFinder: files, images, and Flash objects. They appear in the
config.php file as presented below with their default options:
$config['ResourceType'] = Array( 'name' => 'Files', // Single quotes not allowed 'url' => $baseUrl . 'files', 'directory' => $baseDir . 'files', 'maxSize' => 0, 'allowedExtensions' => '7z,aiff,asf,avi,bmp,csv,doc,fla,flv,gif,gz,gzip,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png, ppt,pxd,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,sitd,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xml,zip', 'deniedExtensions' => ''); $config['ResourceType'] = Array( 'name' => 'Images', 'url' => $baseUrl . 'images', 'directory' => $baseDir . 'images', 'maxSize' => 0, 'allowedExtensions' => 'bmp,gif,jpeg,jpg,png', 'deniedExtensions' => ''); $config['ResourceType'] = Array( 'name' => 'Flash', 'url' => $baseUrl . 'flash', 'directory' => $baseDir . 'flash', 'maxSize' => 0, 'allowedExtensions' => 'swf,flv', 'deniedExtensions' => '');
.swffiles only if you understand and can accept this risk.
These resources will be enabled by default if this option:
$config['DefaultResourceTypes'] = '';
is left empty. You may specify which resource types you want to use by placing their names separated by a comma.
Resource Type Options
For each resource type you may set several options to configure its behavior.
directory– define the base URL address and the server directory used to handle and publish the files for this resource type. They follow the same rules as defined in the Quick Start section for the
maxSize– is the maximum size of the uploaded image defined in bytes. You may also use shorthand notation. Available options are:
K(case insensitive). Remember that
1Mequals 1048576 bytes (one Megabyte),
1Kequals 1024 bytes (one Kilobyte),
1Gequals 1 Gigabyte.
'maxSize' => "8M",
You can use the following settings to list the file extensions that can be upload to the server:
allowedExtensions– the file extensions you wish to be allowed for upload with CKFinder. If left empty, only
deniedExtensionsis used to check uploads.
deniedExtensions– the file extensions you do not wish to be uploaded with CKFinder.
allowedExtensionssetting, in favor of
deniedExtensions. If you leave
allowedExtensionsempty and you add an extension to the
deniedExtensionslist, for example
allowedExtensionslist. This is the only way to effectively secure your server from hacker attacks.