Does CKEDITOR allow you to upload images to your server?
Thanks
Not natively, no.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Thank you for that prompt reply :)
There is a CKFinder file manager, but haven't had luck integrating with CKEditor...
Experience is what you get when you don’t get what you want…
It's not easy to integrate Image Manager extensions to WYSIWYG editors such as CKEditor or TinyMCE.
If you don't integrate them securely, you leave yourself open to the upload of malicious files by hackers.
But integrating them securely is very difficult too as Zen Cart is deliberately locked down to not offer third-party apps a way to penetrate its security, since these would offer a point of attack for hackers.
Kuroi Web Design and Development | Twitter
(Questions answered in the forum only - so that any forum member can benefit - not by personal message)
Hi kuroi,
First, I would like to say thanks for the contrib! As you read in my other post, it installed and works flawlessly, including the upgrade process. CKEditor is a nice addition for Zen users.
I do understand the potential security issues with file managers. However, if one does wish to configure CKFinder, would you happen to have any helpful directions on this?
Experience is what you get when you don’t get what you want…
OK, got ckfinder working on localhost!
Now I am trying to secure it. In the ckfinder config.php file, there is a CheckAuthentication() function that needs to return true. I added the following, but doesn't seem to work.
This should return true if admin is logged in...correct?
Code:
return isset($_SESSION['securityToken']) && $_SESSION['securityToken'];
Any ideas?
Experience is what you get when you don’t get what you want…
Alas that won't work as the page has already been completely rendered by the time you initiate the CKFinder call, and the session has been closed down to protect the information that it contains.
Nor can you restart the same session at this point, since the http headers were sent prior to the page rendering.
If you're working from a fixed IP you might be able to check that the browser request came from that IP and exclude any others.
You can also obscure the location of the editors (similarly to changing the name of the admin folder) by renaming the folder and editing the DIR_WS_EDITOR setting in the admin ckeditor.php file, which would make it more difficult for a hacker to find and access the CKFinder upload facility.
Kuroi Web Design and Development | Twitter
(Questions answered in the forum only - so that any forum member can benefit - not by personal message)
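The fixed-IP check suggested in the reply above, sketched for the CheckAuthentication() function in CKFinder's config.php. This is an added example, not code from the thread, CKFinder or Zen Cart; the helper name ckfinder_ip_allowed, the constant CKFINDER_ALLOWED_IPS and the addresses (documentation-range placeholders) are assumptions. It restricts the connector by network origin only and does not prove that the requester is logged in to the admin.

```php
<?php
// Added example. Assumption: the admin always connects from one of these
// fixed addresses. Both values are documentation-range placeholders.
const CKFINDER_ALLOWED_IPS = ['203.0.113.10', '2001:db8::10'];

/**
 * Hypothetical helper: true only when the TCP peer address is on the allowlist.
 * $server is passed in so the check can be exercised without a web request.
 */
function ckfinder_ip_allowed(array $server, array $allowed): bool
{
    // Use REMOTE_ADDR only. Headers such as X-Forwarded-For are supplied by
    // the client and cannot be trusted unless a proxy you control overwrites them.
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return false; // missing or malformed address: fail closed
    }

    // Compare packed binary forms so that "2001:db8::10" and
    // "2001:0db8:0:0:0:0:0:10" count as the same address.
    $remotePacked = inet_pton($remote);
    foreach ($allowed as $ip) {
        $packed = @inet_pton($ip); // false for a malformed allowlist entry
        if ($packed !== false && $packed === $remotePacked) {
            return true;
        }
    }
    return false; // default deny
}

// CKFinder enables its connector only when this function returns true.
function CheckAuthentication()
{
    return ckfinder_ip_allowed($_SERVER, CKFINDER_ALLOWED_IPS);
}
```

Everyone who shares an allowed address (an office NAT, a VPN exit) passes this check, so it narrows exposure of the upload facility rather than authenticating the admin.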
Thanks for the info about Zen sessions kuroi.
I had tried several methods, but as you pointed out, Zen sessions by design, are very secure...
I like the idea of obscuring the dir and looking at the IP...
Would there be any other way to validate that one is logged in to the store admin that can be made available to the ckfinder config script?
Experience is what you get when you don’t get what you want…
Alas, the information used to verify that somebody is logged in is in the session that you can't get at.
Kuroi Web Design and Development | Twitter
(Questions answered in the forum only - so that any forum member can benefit - not by personal message)