PEAK XOOPS - FCKEditor in englishin japanese

Archive | RSS |
Poster : GIJOE on 2006-12-14 12:49:55 (14682 reads)

in englishin japanese
I've just tried a wysiwyg editor FCKeditor for pico.

It looks the best HTML&JavaScript and not so good PHP.
In 2.3.2, I can find a fatal vulnerability in php uploader at a glance.
(.php files can be uploaded)

Thus I've remade php uploader and connector almost full scratch for XOOPS.

You can try this.

pico 0.2 has a feature of editing contents via this FCKeditor on XOOPS.

p.s. I don't test's FCKeditor under /class/xoopseditor/ because class directory should be DENY for httpd.
And I guess the same vulnerability of original exists in the version.

Related articles
Printer friendly page Send this story to a friend

Comments list

GIJOE  Posted on 2007/5/7 6:05
I don't know fckeditor has a spell checker.

I have to check it for the security.
(Almost php files under fckeditor are insecure)
gigamaster  Posted on 2007/5/5 18:30 | Last modified
Many hosts have disabled shell command for security reasons and many users can't run aspell within fckeditor.

Ben aka Gentleben has shared a patch to use pspell.
The "spellchecker.php" file is available at

PSPELL Support for PHP version spell checker
Submitted By:
Ben - gentleben


Tested successful with XC and the last Pico release running on the following server config (pspell enable):
Linux 2.4 - Apache 1.3.36 - MySQL 4.0.27 - PHP 4.4.3
GIJOE  Posted on 2006/12/15 14:40



chika3  Posted on 2006/12/15 11:13
Username or e-mail:


Remember Me

Lost Password?

Register now!