(→Changing the default resources) |
(→FCKeditor issues) |
||
Line 45: | Line 45: | ||
'''Important: It is recommended''' to always use the allowedExtensions setting, in favor of deniedExtensions. If you leave '''allowedExtensions''' empty and you define an extension in '''deniedExtensions''', for example "pdf", it will allow the upload of all the other files except the files with the "pdf" extension. However it isn't a good way to secure your server from unwanted uploads. The best way is to put all of the preferred extensions in '''allowedExtensions'''. That's the only way to effectively secure your server from hacker's attacks. | '''Important: It is recommended''' to always use the allowedExtensions setting, in favor of deniedExtensions. If you leave '''allowedExtensions''' empty and you define an extension in '''deniedExtensions''', for example "pdf", it will allow the upload of all the other files except the files with the "pdf" extension. However it isn't a good way to secure your server from unwanted uploads. The best way is to put all of the preferred extensions in '''allowedExtensions'''. That's the only way to effectively secure your server from hacker's attacks. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
Revision as of 16:59, 15 December 2008
Default resources
Resources types
There are three built-in resources types in CKFinder: files, images and flash. They appear in the config.php file as below:
config.resourceType[1] = structNew(); config.resourceType[1].name = 'Files'; config.resourceType[1].url = config.baseUrl & 'files'; config.resourceType[1].directory = config.baseDir & 'files'; config.resourceType[1].maxSize = 0; config.resourceType[1].allowedExtensions = '7z,aiff,asf,avi,bmp,csv,doc,fla,flv,gif,gz,gzip,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,ppt,pxd,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,sitd,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xml,zip'; config.resourceType[1].deniedExtensions = ''; config.resourceType[2] = structNew(); config.resourceType[2].name = 'Images'; config.resourceType[2].url = config.baseUrl & 'images'; config.resourceType[2].directory = config.baseDir & 'images'; config.resourceType[2].maxSize = 0; config.resourceType[2].allowedExtensions = 'bmp,gif,jpeg,jpg,png'; config.resourceType[2].deniedExtensions = ''; config.resourceType[3] = structNew(); config.resourceType[3].name = 'Flash'; config.resourceType[3].url = config.baseUrl & 'flash'; config.resourceType[3].directory = config.baseDir & 'flash'; config.resourceType[3].maxSize = 0; config.resourceType[3].allowedExtensions = 'swf,flv'; config.resourceType[3].deniedExtensions = '';
These resources will be enabled if this option:
config.defaultResourceTypes = '';
is left empty. If not you may specify what resources types you want to use by placing their names separated by a comma.
Changing the default resources
Every resource type has several options which you may change.
url and directory - you can place any url adress and directory you wish but be sure that their specification will follow the rules reffering to baseUrl and baseDir in the Quick Start section.
maxSize - is the maximum size of the uploaded image defined in bytes.You may also use shorthand notation. Available options are: G, M, K (case insensitive). Remember that: 1M equals 1048576 bytes (one Megabyte), 1K equals 1024 bytes (one Kilobyte), 1G equals one Gigabyte. Example: 'maxSize' => "8M",
You can use the following settings to list the file extensions that can be upload to the server:
- allowedExtensions - the extensions you wish CKFinder to use. If left empty, only DeniedExtensions is used to check uploads.
- deniedExtensions - the extensions you don't wish the CKFinder to use.
Important: It is recommended to always use the allowedExtensions setting, in favor of deniedExtensions. If you leave allowedExtensions empty and you define an extension in deniedExtensions, for example "pdf", it will allow the upload of all the other files except the files with the "pdf" extension. However it isn't a good way to secure your server from unwanted uploads. The best way is to put all of the preferred extensions in allowedExtensions. That's the only way to effectively secure your server from hacker's attacks.