summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG.txt3
-rw-r--r--fckeditor.module9
2 files changed, 10 insertions, 2 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 0b88cae..f977956 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,5 +1,8 @@
$Id$
+-- 2009-08-25 version 5.x-2.x-dev
+* #488090 Custom upload path not working when using private folders
+
-- 2009-08-06 version 5.x-2.x-dev
* Tag as version 5.x-2.3-rc1
diff --git a/fckeditor.module b/fckeditor.module
index 294d244..ce410d7 100644
--- a/fckeditor.module
+++ b/fckeditor.module
@@ -2264,10 +2264,15 @@ function fckeditor_file_download($file) {
$global_profile = fckeditor_profile_load("FCKeditor Global Profile");
//Assume that files inside of fckeditor directory belong to the FCKeditor. If private directory is set, let the decision about protection to the user.
- $private_dir = isset($global_profile->settings['private_dir']) ? $global_profile->settings['private_dir'] : "/";
+ $private_dir = isset($global_profile->settings['private_dir']) ? trim($global_profile->settings['private_dir'], '\/') : '';
+ $private_dir = preg_quote($private_dir, '#');
+ $private_dir = strtr($private_dir, array('%u' => '(\d+)'));
+ $private_dir = trim($private_dir, '\/');
+
+ $regex = '#^'. preg_quote(file_directory_path() .'/', '#') . $private_dir .'#';
//If path to the file points to the FCKeditor private directory, allow downloading
- if (strpos($path, file_directory_path() ."/". trim($private_dir, "/\\")) === 0) {
+ if (preg_match($regex, $path)) {
$ctype = ($info = @getimagesize($path)) ? $info['mime'] : (function_exists('mime_content_type') ? mime_content_type($path) : 'application/x-download');
return array('Content-type: '. $ctype);
}