如何设置fckeditor的上传文件的大小

    技术2022-05-18  12

    用了FCKeditor以后才知道,在性能上确实是挺优越的,特别是在加载的速度上,远比其它的编辑器要来得快,而且跨语言跨平台,也不会像FreeTextBox那样在页面中加入一大堆的ViewState视图状态代码,减轻了页面文件的重量,提高了加载速度.

    编辑器本身也内置了文件上传功能,但它却不对文件的类型以及大小做出限制,以至于带有安全隐患:万一被人上传了一个木马或者一个上百兆的影片文件怎么办?当然,修改*config.js文件可以解决,但这类设置只在浏览器端生效,不能当作安全控制,所以仍然存在安全隐患,类型和大小的检查还需要在服务器端完成.

    由于FCKeditor本身是开源的,所以我可以对里面的某些代码进行修改.

    首先是对FileWorkerBase.cs基类的修改

    using System;

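    namespace FredCK.FCKeditorV2
    {
        /// <summary>
        /// Base page for the FCKeditor server-side file handlers. It resolves the
        /// storage location for user files and the upload restrictions (allowed
        /// extensions and maximum size) from server-side settings only.
        /// </summary>
        public abstract class FileWorkerBase : System.Web.UI.Page
        {
            private const string DEFAULT_USER_FILES_PATH = "/UserFiles/";

            // Default allow-list of upload extensions, kept as one dot-delimited
            // string so that a lookup for ".ext." can only match a whole entry.
            private const string DEFAULT_USER_FILES_UPLOADTYPE = ".jpg.jpeg.bmp.gif.png.zip.rar.swf.";

            // Default maximum upload size, in KB.
            private const int DEFAULT_USER_FILES_UPLOADSIZE = 1024;

            private string sUserFilesPath;
            private string sUserFilesDirectory;
            private string sUserUploadType;
            private int iUserUploadSize = 0;

            /// <summary>
            /// Reads a string setting, trying the "Application" state, then the
            /// "Session" state, then the appSettings section of Web.config, and
            /// returns <paramref name="fallback"/> when all three are null or empty.
            /// </summary>
            /// <param name="key">Setting name, e.g. "FCKeditor:UserFilesPath".</param>
            /// <param name="fallback">Value used when no source provides one.</param>
            private string ReadStringSetting(string key, string fallback)
            {
                string value = (string)Application[key];

                if (string.IsNullOrEmpty(value))
                {
                    value = (string)Session[key];
                }

                if (string.IsNullOrEmpty(value))
                {
                    value = System.Web.Configuration.WebConfigurationManager.AppSettings[key];
                }

                return string.IsNullOrEmpty(value) ? fallback : value;
            }

            /// <summary>
            /// The virtual path of the user files directory, always ending with "/".
            /// </summary>
            protected string UserFilesPath
            {
                get
                {
                    if (sUserFilesPath == null)
                    {
                        // The original listing followed the default with a fallback to
                        // Request.QueryString["ServerPath"]. That branch could never run
                        // (the default is already non-empty) and is dropped on purpose:
                        // the storage root must not be selectable by the client.
                        sUserFilesPath = ReadStringSetting("FCKeditor:UserFilesPath", DEFAULT_USER_FILES_PATH);

                        // Check that the user path ends with slash ("/").
                        if (!sUserFilesPath.EndsWith("/", StringComparison.Ordinal))
                        {
                            sUserFilesPath += "/";
                        }
                    }

                    return sUserFilesPath;
                }
            }

            /// <summary>
            /// The absolute path (server side) of the user files directory. It
            /// is based on the <see cref="FileWorkerBase.UserFilesPath"/>.
            /// </summary>
            protected string UserFilesDirectory
            {
                get
                {
                    if (sUserFilesDirectory == null)
                    {
                        // Get the local (server) directory path translation.
                        sUserFilesDirectory = Server.MapPath(this.UserFilesPath);
                    }

                    return sUserFilesDirectory;
                }
            }

            /// <summary>
            /// The allow-list of upload extensions as a dot-delimited string that
            /// always starts and ends with ".", for example ".jpg.png.".
            /// </summary>
            /// <remarks>
            /// Callers test an extension by searching for ".ext.". They must reject
            /// an empty extension themselves, because a bare "." always occurs in
            /// this string. The casing of the configured value is not normalised here.
            /// </remarks>
            protected string UserUploadType
            {
                get
                {
                    if (sUserUploadType == null)
                    {
                        sUserUploadType = ReadStringSetting("FCKeditor:UserUploadType", DEFAULT_USER_FILES_UPLOADTYPE);

                        // Make sure the list starts and ends with a dot (".").
                        if (!sUserUploadType.StartsWith(".", StringComparison.Ordinal))
                        {
                            sUserUploadType = "." + sUserUploadType;
                        }

                        if (!sUserUploadType.EndsWith(".", StringComparison.Ordinal))
                        {
                            sUserUploadType += ".";
                        }
                    }

                    return sUserUploadType;
                }
            }

            /// <summary>
            /// The maximum allowed upload size, in KB.
            /// </summary>
            /// <remarks>
            /// Sources are tried in the order "Application", "Session", Web.config;
            /// a source is skipped when it converts to a value below 1, and the
            /// default (1024 KB) is used when none qualifies. Convert.ToInt32
            /// throws if a configured value is not a valid integer.
            /// </remarks>
            protected int UserUploadSize
            {
                get
                {
                    if (iUserUploadSize < 1)
                    {
                        iUserUploadSize = Convert.ToInt32(Application["FCKeditor:UserUploadSize"]);
                    }

                    if (iUserUploadSize < 1)
                    {
                        iUserUploadSize = Convert.ToInt32(Session["FCKeditor:UserUploadSize"]);
                    }

                    if (iUserUploadSize < 1)
                    {
                        iUserUploadSize = Convert.ToInt32(System.Web.Configuration.WebConfigurationManager.AppSettings["FCKeditor:UserUploadSize"]);
                    }

                    if (iUserUploadSize < 1)
                    {
                        iUserUploadSize = DEFAULT_USER_FILES_UPLOADSIZE;
                    }

                    return iUserUploadSize;
                }
            }
        }
    }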

    接着就是对点击"浏览服务器"页面的上传部分的修改

    以下是对FileBrowserConnector.cs中的FileUpload()函数的修改

      private void FileUpload(string resourceType, string currentFolder)        ...{            HttpPostedFile oFile = Request.Files["NewFile"];

                string sErrorNumber = "0";            string sFileName = "";

                if (oFile != null && oFile.ContentLength > 0)            ...{                // Map the virtual path to the local server path.                string sServerDir = this.ServerMapFolder(resourceType, currentFolder);                /**//*                // Get the uploaded file name.                sFileName = System.IO.Path.GetFileName( oFile.FileName ) ;

                    int iCounter = 0 ;

                    while ( true )                {                    string sFilePath = System.IO.Path.Combine( sServerDir, sFileName ) ;

                        if ( System.IO.File.Exists( sFilePath ) )                    {                        iCounter++ ;                        sFileName =                             System.IO.Path.GetFileNameWithoutExtension( oFile.FileName ) +                            "(" + iCounter + ")" +                            System.IO.Path.GetExtension( oFile.FileName ) ;

                            sErrorNumber = "201" ;                    }                    else                    {                        oFile.SaveAs( sFilePath ) ;                        break ;                    }                }                */                if (this.UserUploadType.ToLower().IndexOf(System.IO.Path.GetExtension(oFile.FileName).ToLower() + ".") > -1)//检测是否为允许的上传文件类型                ...{                    if (this.UserUploadSize * 1024 >= oFile.ContentLength)//检测文件大小是否超过限制                    ...{                        sFileName = DateTime.Now.ToString("yyyyMMddHHmmssffff") + System.IO.Path.GetExtension(oFile.FileName);                        string sFilePath = System.IO.Path.Combine(sServerDir, sFileName);                        oFile.SaveAs(sFilePath);                    }                    else//文件大小超过限制                    ...{                        Response.Clear();

                            Response.Write("<script type="text/javascript">");                        Response.Write("window.parent.frames['frmUpload'].OnUploadCompleted(1,'上传文件大小超出限制') ;");                        Response.Write("</script>");

                            Response.End();                    }                }                else //文件类型不允许上传                ...{                    Response.Clear();

                        Response.Write("<script type="text/javascript">");                    Response.Write("window.parent.frames['frmUpload'].OnUploadCompleted(1,'上传文件类型不允许') ;");                    Response.Write("</script>");

                        Response.End();                }

     

                }            else                sErrorNumber = "202";

                Response.Clear();

                Response.Write("<script type="text/javascript">");            Response.Write("window.parent.frames['frmUpload'].OnUploadCompleted(" + sErrorNumber + ",'" + sFileName.Replace("'", "/'") + "') ;");            Response.Write("</script>");

                Response.End();        }最后就是对Uploader.cs类中的OnLoad()函数的修改

     protected override void OnLoad(EventArgs e)        ...{            // Get the posted file.            HttpPostedFile oFile = Request.Files["NewFile"];

                // Check if the file has been correctly uploaded            if (oFile == null || oFile.ContentLength == 0)            ...{                SendResults(202);                return;            }

                int iErrorNumber = 0;            string sFileUrl = "";            string sFileName = "";            //使用原文件名上传代码,如果文件名相同,则在后面加上标号(1)(2)...            /**//*            // Get the uploaded file name.            string sFileName = System.IO.Path.GetFileName( oFile.FileName ) ;

                            int iCounter = 0 ;

                while ( true )            {                string sFilePath = System.IO.Path.Combine( this.UserFilesDirectory, sFileName ) ;

                    if ( System.IO.File.Exists( sFilePath ) )                {                    iCounter++ ;                    sFileName =                         System.IO.Path.GetFileNameWithoutExtension( oFile.FileName ) +                        "(" + iCounter + ")" +                        System.IO.Path.GetExtension( oFile.FileName ) ;

                        iErrorNumber = 201 ;                }                else                {                    oFile.SaveAs( sFilePath ) ;

                        sFileUrl = this.UserFilesPath + sFileName ;                    break ;                }            }             */            //使用原文件名上传代码结束            //使用时间作为流水号文件名

                if (this.UserUploadSize * 1024 >= oFile.ContentLength)//检测文件大小是否超过限制            ...{                sFileName = DateTime.Now.ToString("yyyyMMddHHmmssffff") + System.IO.Path.GetExtension(oFile.FileName);                string sFilePath = System.IO.Path.Combine(this.UserFilesDirectory, sFileName);                oFile.SaveAs(sFilePath);

                    sFileUrl = this.UserFilesPath + sFileName;            }            else//文件大小超过限制            ...{                SendResults(1, "", "", "上传文件大小超出限制");

                }

                /**//

                SendResults(iErrorNumber, sFileUrl, sFileName);        }最后只要在Web.Config文件中加入对文件上传的限制值就可以了.

    <?xml version="1.0"?>
    <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
      <appSettings>
        <!-- Virtual path where uploaded files are stored. -->
        <!-- NOTE(review): this path is served by the site; consider disabling script execution for it. -->
        <add key="FCKeditor:UserFilesPath" value="/UserFiles/" />
        <!-- Dot-delimited allow-list of upload extensions; the code adds the trailing dot. -->
        <!-- NOTE(review): .swf is active content that runs in the site's origin when served; drop it if not needed. -->
        <add key="FCKeditor:UserUploadType" value=".gif.jpg.jpeg.rar.zip.swf.png" />
        <!-- Maximum upload size; the unit is KB. -->
        <add key="FCKeditor:UserUploadSize" value="5120" />
      </appSettings>
      <system.web>
        <!-- maxRequestLength is in KB. -->
        <!-- NOTE(review): 512000 KB is about 100 times the 5120 KB limit above. The handlers check the size only after the request has been received, so consider setting this just above UserUploadSize. -->
        <httpRuntime maxRequestLength="512000" />
      </system.web>
    </configuration>

