ckeditor - does it upload images

[kachana]

Does CKEDITOR allow you to upload images to your server?

Thanks

[DrByte]

Not natively, no.

[kachana]

Thank you for that prompt rely:)

[kwright]

There is a CKFinder file manager, but haven't had luck integrating with CKEditor...

[kuroi]

It's not easy to integrate Image Manager extensions to WYSIWYG editors such as CKEditor or TinyMCE.

If you don't integrate them securely, you leave yourself open to the upload of malicious files by hackers.

But integrating them securely is very difficult too as Zen Cart is deliberately locked down to not offer third-party apps a way to penetrate its security, since these would offer a point of attack for hackers.

[kwright]

Hi kuroi,

First, I would like to say thanks for the contrib! As you read in my other post, It installed and works flawlessly, including the upgrade process. CKEditor is a nice addition for Zen users.

I do understand the potential security issues with file managers. However, if one does wish to configure CKFinder, would you happen to have any helpful directions on this?

[kwright]

OK, don't mean to beat a horse as they say...

I have CKEditor and CKFinder installed and working on 1.3.9d. I want to secure (as best as possible) CKFinder.

Here's what I have so far in general:

1. Admin dir renamed
2. htaccess pwd admin dir
3. Using https to login
4. limited file types in finder to gif, jpg and png

I read in another thread to pwd the editor and finder dir as well. Any thought on this redundancy?

Since I don't know the methods a hacker could use to get in and use CKFinder, any other suggestions / recommendation (other then don't use CKFinder) would be helpful to all of us that need / wish to use CKFinder.

Thanks

[vandiermen]

I want to secure (as best as possible) CKFinder.

I had FCKeditor(with image uploader) installed on all my 1.3.8 sites and just changed the admin url, and I was never hacked.

If you change your admin url this should protect your site.

I looked for CKFinder in the free ad-ons... pity no one has added it for zencart.

p.s.
without changing the admin url your site is vulnerable I think.

[kuroi]

I looked for CKFinder in the free ad-ons... pity no one has added it for zencart.

It can't be added for Zen Cart. It's a commercial product requiring a paid-for license.

[vandiermen]

It can't be added for Zen Cart. It's a commercial product requiring a paid-for license.

It seems you can download it for free for your own websites. Perhaps zencart integration patch files could be added I am not sure. Thanks for your answer.