Index: branches/5.2.x/core/ckeditor/ckfinder/core/connector/php/php5/Utils/FileSystem.php
===================================================================
diff -u -N -r15316 -r16404
--- branches/5.2.x/core/ckeditor/ckfinder/core/connector/php/php5/Utils/FileSystem.php	(.../FileSystem.php)	(revision 15316)
+++ branches/5.2.x/core/ckeditor/ckfinder/core/connector/php/php5/Utils/FileSystem.php	(.../FileSystem.php)	(revision 16404)
@@ -2,8 +2,8 @@
 /*
  * CKFinder
  * ========
- * http://ckfinder.com
- * Copyright (C) 2007-2012, CKSource - Frederico Knabben. All rights reserved.
+ * http://cksource.com/ckfinder
+ * Copyright (C) 2007-2013, CKSource - Frederico Knabben. All rights reserved.
  *
  * The software, this file and its contents are subject to the CKFinder
  * License. Please read the license.txt file before using, installing, copying,
@@ -47,7 +47,7 @@
             if (strlen($path1)) {
                 $_lastCharP1 = substr($path1, -1, 1);
                 if ($_lastCharP1 != "/" && $_lastCharP1 != "\\") {
-                    $path1 .= DIRECTORY_SEPARATOR;
+                    $path1 .= '/';
                 }
             }
         }
@@ -59,7 +59,7 @@
                 }
                 $_lastCharP1 = substr($path1, -1, 1);
                 if ($_lastCharP1 != "/" && $_lastCharP1 != "\\" && $_firstCharP2 != "/" && $_firstCharP2 != "\\") {
-                    $path1 .= DIRECTORY_SEPARATOR;
+                    $path1 .= '/';
                 }
             }
             else {
@@ -120,6 +120,25 @@
     }
 
     /**
+     * Check whether $path contains valid folders names
+     *
+     * @static
+     * @access public
+     * @param string $path
+     */
+    public static function checkFolderPath($path){
+      $path = substr($path,strpos($path,'/')+1);
+      $path = explode('/',trim($path,'/'));
+        foreach ( $path as $dir ){
+          if ( !empty($dir) && !CKFinder_Connector_Utils_FileSystem::checkFolderName($dir) ){
+            return false;
+          }
+        }
+
+        return true;
+    }
+
+    /**
      * Unlink file/folder
      *
      * @static
@@ -161,16 +180,17 @@
     }
 
     /**
-     * Return file name without extension (without dot & last part after dot)
+     * Return file name without extension
      *
      * @static
      * @access public
      * @param string $fileName
+     * @param boolean $shortExtensionMode If set to false, extension is everything after a first dot
      * @return string
      */
-    public static function getFileNameWithoutExtension($fileName)
+    public static function getFileNameWithoutExtension($fileName, $shortExtensionMode = TRUE)
     {
-        $dotPos = strrpos( $fileName, '.' );
+        $dotPos = $shortExtensionMode ? strrpos( $fileName, '.' ) : strpos( $fileName, '.' );
         if (false === $dotPos) {
             return $fileName;
         }
@@ -179,21 +199,22 @@
     }
 
     /**
-     * Get file extension (only last part - e.g. extension of file.foo.bar.jpg = jpg)
+     * Get file extension
      *
      * @static
      * @access public
      * @param string $fileName
+     * @param boolean $shortExtensionMode If set to false, extension is everything after a first dot
      * @return string
      */
-    public static function getExtension( $fileName )
+    public static function getExtension( $fileName, $shortExtensionMode = TRUE )
     {
-        $dotPos = strrpos( $fileName, '.' );
+        $dotPos = $shortExtensionMode ? strrpos( $fileName, '.' ) : strpos( $fileName, '.' );
         if (false === $dotPos) {
             return "";
         }
 
-        return substr( $fileName, strrpos( $fileName, '.' ) +1 ) ;
+        return substr( $fileName, $dotPos + 1 );
     }
 
     /**
@@ -299,6 +320,29 @@
     }
 
     /**
+     * Secure file name from unsafe characters
+     *
+     * @param string $fileName
+     * @access public
+     * @static
+     * @return string $fileName
+     */
+    public static function secureFileName($fileName)
+    {
+      $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
+      $fileName = str_replace(array(":", "*", "?", "|", "/"), "_", $fileName);
+      if ( $_config->getDisallowUnsafeCharacters() )
+      {
+        $fileName = str_replace(";", "_", $fileName);
+      }
+      if ($_config->forceAscii())
+      {
+        $fileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($fileName);
+      }
+      return $fileName;
+    }
+
+    /**
      * Convert file name from UTF-8 to system encoding
      *
      * @static
@@ -553,11 +597,14 @@
      *
      * @access public
      * @static
-     * @param string $serverPath
+     * @param string $clientPath client path (with trailing slash)
+     * @param object $_resourceType resource type configuration
      * @return boolean
      */
-    public static function hasChildren($serverPath)
+    public static function hasChildren($clientPath, $_resourceType)
     {
+        $serverPath = CKFinder_Connector_Utils_FileSystem::combinePaths($_resourceType->getDirectory(), $clientPath);
+
         if (!is_dir($serverPath) || (false === $fh = @opendir($serverPath))) {
             return false;
         }
@@ -566,8 +613,18 @@
         while (false !== ($filename = readdir($fh))) {
             if ($filename == '.' || $filename == '..') {
                 continue;
-            } else if (is_dir($serverPath . DIRECTORY_SEPARATOR . $filename)) {
+            } else if (is_dir($serverPath . $filename)) {
                 //we have found valid directory
+                $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
+                $_acl = $_config->getAccessControlConfig();
+                $_aclMask = $_acl->getComputedMask($_resourceType->getName(), $clientPath . $filename);
+                if ( ($_aclMask & CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) != CKFINDER_CONNECTOR_ACL_FOLDER_VIEW ) {
+                    continue;
+                }
+                if ($_resourceType->checkIsHiddenFolder($filename)) {
+                  continue;
+                }
+
                 $hasChildren = true;
                 break;
             }
@@ -577,4 +634,128 @@
 
         return $hasChildren;
     }
+
+    /**
+     * Retruns temp directory
+     *
+     * @access public
+     * @static
+     * @return string
+     */
+    public static function getTmpDir()
+    {
+      $_config = & CKFinder_Connector_Core_Factory::getInstance("Core_Config");
+      $tmpDir = $_config->getTempDirectory();
+      if ( $tmpDir )
+      {
+        return $tmpDir;
+      }
+      if ( !function_exists('sys_get_temp_dir')) {
+        function sys_get_temp_dir() {
+          if( $temp=getenv('TMP') ){
+            return $temp;
+          }
+          if( $temp=getenv('TEMP') ) {
+            return $temp;
+          }
+          if( $temp=getenv('TMPDIR') ) {
+            return $temp;
+          }
+          $temp = tempnam(__FILE__,'');
+          if ( file_exists($temp) ){
+            unlink($temp);
+            return dirname($temp);
+          }
+          return null;
+        }
+      }
+      return sys_get_temp_dir();
+    }
+
+    /**
+     * Check if given directory is empty
+     *
+     * @param string $dirname
+     * @access public
+     * @static
+     * @return bool
+     */
+    public static function isEmptyDir($dirname)
+    {
+      $files = scandir($dirname);
+      if ( $files && count($files) > 2)
+      {
+        return false;
+      }
+      return true;
+    }
+
+    /**
+     * Autorename file if previous name is already taken
+     *
+     * @param string $filePath
+     * @param string $fileName
+     * @param string $sFileNameOrginal
+     */
+    public static function autoRename( $filePath, $fileName )
+    {
+      $sFileNameOrginal = $fileName;
+      $iCounter = 0;
+      while (true)
+      {
+        $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($filePath, $fileName);
+        if ( file_exists($sFilePath) ){
+          $iCounter++;
+          $fileName = CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($sFileNameOrginal, false) . "(" . $iCounter . ")" . "." .CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal, false);
+        }
+        else
+        {
+          break;
+        }
+      }
+      return $fileName;
+    }
+
+    /**
+     * Send file to browser
+     * Selects the method depending on the XSendfile setting
+     * @param string $filePath
+     */
+    public static function sendFile( $filePath ){
+      $config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
+      if ( $config->getXSendfile() ){
+        CKFinder_Connector_Utils_FileSystem::sendWithXSendfile($filePath);
+      } else {
+        CKFinder_Connector_Utils_FileSystem::readfileChunked($filePath);
+      }
+    }
+
+    /**
+     * Send files using X-Sendfile server module
+     *
+     * @param string $filePath
+     */
+    public static function sendWithXSendfile ( $filePath ){
+      if ( stripos($_SERVER['SERVER_SOFTWARE'], 'nginx') !== FALSE ){
+        $fallback = true;
+        $config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
+        $XSendfileNginx = $config->getXSendfileNginx();
+        foreach ( $XSendfileNginx as $location => $root){
+          if ( false !== stripos($filePath , $root) ){
+            $fallback = false;
+            $filePath = str_ireplace($root,$location,$filePath);
+            header("X-Accel-Redirect: ".$filePath); // Nginx
+            break;
+          }
+        }
+        // fallback to standar method
+        if ( $fallback ){
+          CKFinder_Connector_Utils_FileSystem::readfileChunked($filePath);
+        }
+      } elseif ( stripos($_SERVER['SERVER_SOFTWARE'], 'lighttpd/1.4') !== FALSE ){
+        header("X-LIGHTTPD-send-file: ".$filePath); // Lighttpd v1.4
+      } else {
+        header("X-Sendfile: ".$filePath); // Apache, Lighttpd v1.5, Cherokee
+      }
+    }
 }