PEAK XOOPS - FCKEditor in englishin japanese

Archive | RSS |
XOOPS
XOOPS : FCKEditor
Poster : GIJOE on 2006-12-14 12:49:55 (14610 reads)

in englishin japanese
I've just tried a wysiwyg editor FCKeditor for pico.
http://www.fckeditor.net/

It looks the best HTML&JavaScript and not so good PHP.
In 2.3.2, I can find a fatal vulnerability in php uploader at a glance.
(.php files can be uploaded)

Thus I've remade php uploader and connector almost full scratch for XOOPS.

You can try this.
http://xoops.peak.ne.jp/md/mydownloads/singlefile.php?lid=93

pico 0.2 has a feature of editing contents via this FCKeditor on XOOPS.


p.s. I don't test xoops.org's FCKeditor under /class/xoopseditor/ because class directory should be DENY for httpd.
And I guess the same vulnerability of original exists in the xoops.org version.


Related articles
Printer friendly page Send this story to a friend

Comments list

GIJOE  Posted on 2007/5/7 6:05
I don't know fckeditor has a spell checker.

I have to check it for the security.
(Almost php files under fckeditor are insecure)
gigamaster  Posted on 2007/5/5 18:30 | Last modified
Many hosts have disabled shell command for security reasons and many users can't run aspell within fckeditor.

Ben aka Gentleben has shared a patch to use pspell.
The "spellchecker.php" file is available at sourceforge.net

PSPELL Support for PHP version spell checker
Submitted By:
Ben - gentleben

-----

Tested successful with XC and the last Pico release running on the following server config (pspell enable):
Linux 2.4 - Apache 1.3.36 - MySQL 4.0.27 - PHP 4.4.3
GIJOE  Posted on 2006/12/15 14:40
chika3さん、こんにちは〜

フロントエンドは出色の出来ですね。
素直に感心しました。

設計の良さから、機能拡張も比較的容易そうなので、いろいろやってみよう、という気にさせてくれますね。

とりあえず、ユーザ毎の権限/専用フォルダあたりの実装ですかね。そうなると、やっぱりモジュールとしてのコントローラも必要そうですが。
chika3  Posted on 2006/12/15 11:13
使ってみました。コレいいですね~。
Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!