Handling Built-in Resource Types

This website contains links to software which is either no longer maintained or will be supported only until the end of 2019 (CKFinder 2). For the latest documentation about current CKSource projects, including software like CKEditor 4/CKEditor 5, CKFinder 3, Cloud Services, Letters, Accessibility Checker, please visit the new documentation website.

If you look for an information about very old versions of CKEditor, FCKeditor and CKFinder check also the CKEditor forum, which was closed in 2015. If not, please head to StackOverflow for support.

(Created page with '== Default resources == === Resources types === There are three built-in resources types in CKFinder: '''files''', '''images''' and '''flash'''. They appear in the config.php …')
 
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Default resources ==
+
{{Ckfinder_2.x_Built-in_Resource_Types_Description|file=config.php}}
  
=== Resources types  ===
+
<source lang="php">
 
+
$config['ResourceType'][] = Array(
There are three built-in resources types in CKFinder: '''files''', '''images''' and '''flash'''. They appear in the config.php file as below:
 
 
<source lang="php">$config['ResourceType'][] = Array(
 
 
'name' => 'Files', // Single quotes not allowed
 
'name' => 'Files', // Single quotes not allowed
 
'url' => $baseUrl . 'files',
 
'url' => $baseUrl . 'files',
 
'directory' => $baseDir . 'files',
 
'directory' => $baseDir . 'files',
 
'maxSize' => 0,
 
'maxSize' => 0,
'allowedExtensions' => '7z,aiff,asf,avi,bmp,csv,doc,fla,flv,gif,gz,gzip,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,ppt,pxd,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,sitd,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xml,zip',
+
'allowedExtensions' => '7z,aiff,asf,avi,bmp,csv,doc,fla,flv,gif,gz,gzip,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,
 +
ppt,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xml,zip',
 
'deniedExtensions' => '');
 
'deniedExtensions' => '');
  
Line 28: Line 26:
 
'allowedExtensions' => 'swf,flv',
 
'allowedExtensions' => 'swf,flv',
 
'deniedExtensions' => '');</source>  
 
'deniedExtensions' => '');</source>  
+
{{Ckfinder_2.x_Built-in_Resource_Types_Notes}}
These resources will be enabled if this option:
+
These resources will be enabled by default if this option:
+
<source lang="php">$config['DefaultResourceTypes'] = '';</source>  
<pre>$config['DefaultResourceTypes'] = '';</pre>  
+
is left empty. You may specify which resource types you want to use by placing their names separated by a comma.
 
is left empty. You may specify what resources types you want to use by placing their names separated by a comma.
 
 
 
== Resource Type Options ==
 
 
 
For each resource type you may set several options to precisely configure its behavior.
 
 
'''url''' and '''directory''' - define the base URL address and the server directory to use to handle and publish the files for this Resource Type. They follow the same rules as defined in the [[CKFinder_2.x/Developers Guide/PHP/Configuration/Quick Start|Quick Start]] section for the '''$baseUrl''' and '''$baseDir''' settings.
 
 
'''maxSize''' - is the maximum size of the uploaded image defined in bytes.You may also use shorthand notation. Available options are: G, M, K (case insensitive). Remember that: 1M equals 1048576 bytes (one Megabyte), 1K equals 1024 bytes (one Kilobyte), 1G equals one Gigabyte. Example: 'maxSize' => "8M",
 
 
 
 
You can use the following settings to list the file extensions that can be upload to the server:
 
 
 
* '''allowedExtensions''' - the extensions you wish CKFinder to use. If left empty, only DeniedExtensions is used to check uploads.
 
* '''deniedExtensions''' - the extensions you don't wish the CKFinder to use.
 
 
 
'''Important: It is recommended''' to always use the allowedExtensions setting, in favor of deniedExtensions. If you leave '''allowedExtensions''' empty and you define an extension in '''deniedExtensions''', for example "pdf", it will allow the upload of all the other files except the files with the "pdf" extension. However it isn't a good way to secure your server from unwanted uploads. The best way is to put all of the preferred extensions in '''allowedExtensions'''. That's the only way to effectively secure your server from hacker's attacks.
 
 
 
  
{{#CUSTOMTITLE:Built-in resource types}}
+
{{Ckfinder_2.x_Built-in_Resource_Types_Options|example=<source lang="php">'maxSize' => "8M",</source>|link=CKFinder_2.x/Developers_Guide/PHP/Configuration/Quick_Start}}

Latest revision as of 09:41, 4 September 2019

By deafult, CKFinder handles some types of resources. The following articles describes their default configuration as well as various customization options.

Default Resource Types

There are three built-in resources types in CKFinder: files, images, and Flash objects. They appear in the config.php file as presented below with their default options:

$config['ResourceType'][] = Array(
'name' => 'Files', // Single quotes not allowed
'url' => $baseUrl . 'files',
'directory' => $baseDir . 'files',
'maxSize' => 0,
'allowedExtensions' => '7z,aiff,asf,avi,bmp,csv,doc,fla,flv,gif,gz,gzip,jpeg,jpg,mid,mov,mp3,mp4,mpc,mpeg,mpg,ods,odt,pdf,png,
ppt,qt,ram,rar,rm,rmi,rmvb,rtf,sdc,swf,sxc,sxw,tar,tgz,tif,tiff,txt,vsd,wav,wma,wmv,xls,xml,zip',
'deniedExtensions' => '');

$config['ResourceType'][] = Array(
'name' => 'Images',
'url' => $baseUrl . 'images',
'directory' => $baseDir . 'images',
'maxSize' => 0,
'allowedExtensions' => 'bmp,gif,jpeg,jpg,png',
'deniedExtensions' => '');

$config['ResourceType'][] = Array(
'name' => 'Flash',
'url' => $baseUrl . 'flash',
'directory' => $baseDir . 'flash',
'maxSize' => 0,
'allowedExtensions' => 'swf,flv',
'deniedExtensions' => '');
important note
Flash files with swf extension, just like HTML files, can be used to execute JavaScript code (and to e.g. perform an XSS attack). Grant permission to upload .swf files only if you understand and can accept this risk.

These resources will be enabled by default if this option:

$config['DefaultResourceTypes'] = '';

is left empty. You may specify which resource types you want to use by placing their names separated by a comma.

Resource Type Options

For each resource type you may set several options to configure its behavior.

  • url and directory – define the base URL address and the server directory used to handle and publish the files for this resource type. They follow the same rules as defined in the Quick Start section for the baseUrl and baseDir settings.
  • maxSize – is the maximum size of the uploaded image defined in bytes. You may also use shorthand notation. Available options are: G, M, K (case insensitive). Remember that 1M equals 1048576 bytes (one Megabyte), 1K equals 1024 bytes (one Kilobyte), 1G equals 1 Gigabyte.
    Example
    'maxSize' => "8M",

You can use the following settings to list the file extensions that can be upload to the server:

  • allowedExtensions – the file extensions you wish to be allowed for upload with CKFinder. If left empty, only deniedExtensions is used to check uploads. The NO_EXT value can be used for enabling files without an extension.
  • deniedExtensions – the file extensions you do not wish to be uploaded with CKFinder. The NO_EXT value can be used for denying files without an extension.
important note
Important: It is recommended to always use the allowedExtensions setting, in favor of deniedExtensions. If you leave allowedExtensions empty and you add an extension to the deniedExtensions list, for example pdf, the settings will allow the upload of all other files except the files with the pdf extension. This approach is not a good way to secure your server from unwanted uploads. The best way is to put all of the preferred extensions in the allowedExtensions list. This is the only way to effectively secure your server from hacker attacks.
This page was last edited on 4 September 2019, at 09:41.