Date 2006-12-14 12:49:55 | Category: XOOPS

in englishin japanese
I've just tried a wysiwyg editor FCKeditor for pico.

It looks the best HTML&JavaScript and not so good PHP.
In 2.3.2, I can find a fatal vulnerability in php uploader at a glance.
(.php files can be uploaded)

Thus I've remade php uploader and connector almost full scratch for XOOPS.

You can try this.

pico 0.2 has a feature of editing contents via this FCKeditor on XOOPS.

p.s. I don't test xoops.org's FCKeditor under /class/xoopseditor/ because class directory should be DENY for httpd.
And I guess the same vulnerability of original exists in the xoops.org version.

You can read more news at PEAK XOOPS.

The URL for this story is: