A question regarding the CKEditor for Zen Cart 3.4's readme file

[justin2010]

I installed the addon, following the readme.html file's instruction.

When I tried to do step 5 in the file, which is:
(Optional) You can change the folder in which the editor file live, by renaming the folder and adding the following line to your admin/includes/configure.php file:
define('DIR_WS_EDITORS', 'the new name of your folder');

So, I renamed the folder to 'myeditors', then added a line in that configure.php like:
define('DIR_WS_EDITORS', 'myeditors/');

Then I went back to step 4, which is:
(Recommended) You can also set your default editor choice via Admin->Configuration->My Store->HTML Editor (note: this may not take effect until you log in the next time)

I got the following error msg with yellow background on top of the admin panel:

You have an HTML editor selected in 'My Store' but the '/editors/' folder cannot be located. Please disable your selection or move your editor files into the '/shoppe/editors/' folder

I am not sure if I missed something, please help.

However, when I used Define Pages editor and EZ-pages editor, the CKeditor did show up. So I guess the function is there, but the msg is always stay, which is kind of an...ing

I am using zen-cart 1.3.9h, thank you.

[soxophoneplayer]

zc 1.3.9h

Had similar problem. I wasn't sure whether to change the root/editors folder name, or the root/editors/ckeditor folder. I tried both and with each added the suggested line to the config file.

In both cases the store config offereed only 'plain text' as being available - the ckeditor and html editors were not there.

So I put back the orginal file names, removed the added line from the config file and everything 'seems' to work. (as is the ckeditor appears where it should and a few test entries worked.)

I use IH2 for my images - not sure if that is considered an uploader that would have required the suggested folder name changes.

[frank18]

....
(Optional) You can change the folder in which the editor file live, by renaming the folder and adding the following line to your admin/includes/configure.php file:
define('DIR_WS_EDITORS', 'the new name of your folder');

I could never understand the purpose of this option - and I don't use it. Everything in admin is set up to select editors residing in the /editors folder. This works without fail, no matter which editor you are choosing. So, why moving CKeditor to a different folder??

[nigelt74]

I could never understand the purpose of this option - and I don't use it. Everything in admin is set up to select editors residing in the /editors folder. This works without fail, no matter which editor you are choosing. So, why moving CKeditor to a different folder??

Because a lot of editors include upload file capability which can be directly accessed , so a naughty pixie could in theory upload a dodgy file without having to login, and as on Zencarts the editors are always located in the editors folder its not hard to write a scrip that targets this vulnerability, after all there are only a choice of 3 or 4 htmleditors that are being used.

Changing the name of the folder serves basically the same function as renaming the admin folder, protection through obfuscation, 1.3.9 prevents the html editors from uploading so this is not really necessary, but it may help again some as yet undiscovered vulnerability.

I always wondered why the editors folder wasn't inside the admin folder!

[frank18]

Because a lot of editors include upload file capability which can be directly accessed , so a naughty pixie could in theory upload a dodgy file without having to login, and as on Zencarts the editors are always located in the editors folder its not hard to write a scrip that targets this vulnerability, after all there are only a choice of 3 or 4 htmleditors that are being used.

Changing the name of the folder serves basically the same function as renaming the admin folder, protection through obfuscation, 1.3.9 prevents the html editors from uploading so this is not really necessary, but it may help again some as yet undiscovered vulnerability.

I always wondered why the editors folder wasn't inside the admin folder!

And there's always the option of some simple coding in an .htaccess file to stop the 'pixies'

[justin2010]

zc 1.3.9h

Had similar problem. I wasn't sure whether to change the root/editors folder name, or the root/editors/ckeditor folder. I tried both and with each added the suggested line to the config file. ...

That is a good point! I only changed the root/editors before seeing your comment. Thanks! Now I tried several combinations probably the same as you did and I got the same result as you did.

And there's always the option of some simple coding in an .htaccess file to stop the 'pixies'

IMHO, the author of this addon put this option in the readme file must have his reason. If somehow it helps to improve the overall security for just as little as 1%, I will give it a shot. However, in my personal (and soxophoneplayer's) experiences on this addon, perhaps there is something confusing in the readme file. I am hoping the author or some other experts in this forum will look into it and give us some help. Even a simply answer like "Just ignore this option, it's obsoleted... " will be appreciated. Of course, a more detail explanation and how to fix it is much better.
Thanks!

[justin2010]

actually, one more thing...
If I use the original addon, when the ckeditor loaded in the admin panel through https connection, there is a red warning msg with a "!" and "lock" icon at the browser's right bottom corner saying "... contains unauthenticated ...". So, I changed line 20 in "admin/includes/ckeditor.php". Either to add a "s" after the "http" or to eliminate the whole "http" work(no more warning "!" at the right bottom corner).
I am not sure if I really solved it or compromised it.