FCKEditor is one of the lightweight RTF-Editors (RichTextEditors) which can be integrated into webapplications. Its outstanding advantage is the ability to manage file-upload and file-integration as well as comfortable link-management.

We have a special edition of this editor to ease the integration into CMSimple.
FCKeditor4CMSimple comes with FCKEditor 2.6, released april 2008.
FCKeditor4CMSimple is tested with CMSimple 2.9 and higher.

The actual version is FCKEditor4CMSimple 2.2.0, released 2008-07-13

The integration into CMSimple is easy:

• download the actual version of FCKEditor4CMSimple at http://www.webdeerns.de/?Downloads
• unfold the zip and keep the directory structure
• read the readme1.txt and the manual which comes with the download
• upload the directory FCKeditor to your CMSimple installation and add the file fckeditor.php to the cmsimple-directory. Set “fckeditor” as default editor in Settings.

The FCKeditor CMSimple Special Edition contains only those files, which are needed for integration into a PHP-application, the files for ASP, PERL etc. are stripped, so the package is lighter than the original package.

• support of multilingual installation with the editor
• integrate or upload and integrate images
• integrate or upload and integrate FLV- and MP3-Files
• integrate or upload and integrate Flash
• integrate or upload and integrate files, which you want to offer as downloads
• easy link-management
• linkmanagement for CMSimple Links supported as well, also in additional languages
• FCKEditor4CMSimple now works with Opera 9.5 as well
• special attention on security

FCKEditor4CMSimple is compatible with all PHP Versions since PHP 4.1.0

The ZIP comes with a detailled installation manual plus additional documentation, explaining the configuration options of FCKeditor for CMSimple.

The homepage of FCKeditor: http://www.fckeditor.net

Download FCKeditor CMSimple Special Edition here: www.webdeerns.de

As there are some potential security risks because of the fileupload capability of FCKEditor, some precaution must be used. The task is to avoid file uploads by unauthenticated users.

Update: Now the biggest risk is blocked: only the logged-in user can use the upload-feature, for all other users the upload is disabled. But it is still good use to protect your directories...

So, what has to be done?

1. Take care that you do not allow any dangerous fileformat to be uploaded, especially no .php or .exe-extension should be allowed. in FCKeditor/editor/filemanager/connectors/php/config.php check these lines: take care that only media-filetypes will be allowed!

$Config[’AllowedExtensions’][’Image’] = array(’gif’,’jpeg’,’jpg’,’png’) ; $Config[’AllowedExtensions’][’Flash’] = array(’swf’,’flv’,’mp3’) ; $Config[’AllowedExtensions’][’Media’] = array(’aiff’, ‘asf’, ‘avi’, ‘bmp’, ‘fla’, ‘flv’, ‘gif’, ‘jpeg’, ‘jpg’, ‘mid’, ‘mov’, ‘mp3’, ‘mp4’, ‘mpc’, ‘mpeg’, ‘mpg’, ‘png’, ‘qt’, ‘ram’, ‘rm’, ‘rmi’, ‘rmvb’, ‘swf’, ‘tif’, ‘tiff’, ‘wav’, ‘wma’, ‘wmv’) ; $Config[’AllowedExtensions’][’File’] = array(’7z’, ‘aiff’, ‘asf’, ‘avi’, ‘bmp’, ‘csv’, ‘doc’, ‘fla’, ‘flv’, ‘gif’, ‘gz’, ‘gzip’, ‘jpeg’, ‘jpg’, ‘mid’, ‘mov’, ‘mp3’, ‘mp4’, ‘mpc’, ‘mpeg’, ‘mpg’, ‘ods’, ‘odt’, ‘pdf’, ‘png’, ‘ppt’, ‘pxd’, ‘qt’, ‘ram’, ‘rar’, ‘rm’, ‘rmi’, ‘rmvb’, ‘rtf’, ‘sdc’, ‘sitd’, ‘swf’, ‘sxc’, ‘sxw’, ‘tar’, ‘tgz’, ‘tif’, ‘tiff’, ‘txt’, ‘vsd’, ‘wav’, ‘wma’, ‘wmv’, ‘xls’, ‘xml’, ‘zip’) ;

2. to check the upload system, you will find the following 2 files in FCKeditor/editor/filemanager/connectors/ test.html.txt
uploadtest.html.txt

if you whish to test the upload-capability and find out about the target-folders for the upload, rename at least one of these files to test.html or uploadtest.html and call this file in the browser, choose php as language and test. After testing, rename these files or delete them on the server

3. and that is most important: Password-Protect the folder /FCKeditor/editor/filemanager/connectors/php/

to do this, use either the administration-panel of your webspace (mostly you will find the topic “password protect directories” there)

or use a .htaccess-generator which you might find here: www.webmaster-toolkit.com

Following these 3 steps, your FCKeditor-Integration will be safe that nobody uploads any files. Only the fileupload from the editor directly inside CMSimple after logging in will be possible.

it can happen that the file-upload to your image-directory \images in the CMSimple-Root is not supported, but uploading MP3 or Flash to the other directories is possible.

Why? The answer is simple but not easy to find:

there are only graphic-filetypes allowed for the image-directory: gif|jpeg|png|bmp not html, but as the standard-CMSimple installation sets an index.html into the image-directory to prevent occasional directory-listing, you might run into problems.

• Solution: delete all html-files in the image-directory!
• The best way is to prevent directory listing by configuring your server correctly

Solution: Check the file ./content/content.htm Check that you have no mixed uppercase/lowercase spelling of the <H1>-Tags and <H2>-tags if you find pairs like <H1> </h1> etc., this is the reason for the trouble.

Version 2.2.0 Update by Connie Müller-Gödecke, 2008-07-13:

• modified fckeditor.js in order to get FCKeditor working with Opera 9 and higher
• manual updated to comply with FCKEditor4CMSimple 2.2.0

Version 2.2.0 beta 4 Update by Holger Irmler, 2008-07-01:

• Code rewritten to use with PHP from Version 4.1.0 (Version 2.2.0 beta 3 only runs on servers with PHP 5 and newer)

Version 2.2.0 beta 3 Update by Holger Irmler, 2008-06-29:

• Editor core update to FCKeditor 2.6.2, released on June 24, 2008, with a lot of bugfixes (see: http://www.fckeditor.net/whatsnew)
• Code for internal linking complete rewritten by Holger Irmler: Internal Links now working “cross-language” from <H1> to <H4> menuelevel
• ./cmsimple/fckeditor.php direct - access check integrated
• Filebrowser integration: Enhanced security check integrated

Version 2.2.0 beta 1 & 2 (non public) Update by Holger Irmler, 2008-06-18:

• Editor core update to FCKeditor 2.6.1, released on June 12, 2008, with a lot of bugfixes (see: http://www.fckeditor.net/whatsnew)
• Code for internal linking complete rewritten by Holger Irmler & Klaus Treichler, Internal “cross-language-links” integrated
• Internal linking ported to a FCKeditor-Plugin called “SiteLink” by Klaus Treichler
• Auto-detect the base upload folder (./images) for use in connector.php
• For easier updates, all CMSimple or user related configuration files are renamed and moved to a folder called “./FCKeditor/custom_configurations/”
• By default now FCKeditor uses your style-definitions from your template for the edit-area
• Default language now set to autodetected browser language with fallback to “en”

Version 2.0 / 2.1 Update: FCKEditor-Integration Version 2.1 by Connie Müller-Gödecke, April 2008:

• Updated the editor version to FCKEditor 2.6
• Added Base-Path to the location of the script, so the Editor can be used in multilingual installations as well, modified by Holger Irmler, April 2008
• CMSimple Internal Links support multilingual installations as well modified by Klaus Treichler

Version 1.1 by Connie Müller-Gödecke, March 2008, following Andrew Gregory’s hint for optimizing encoding special characters. see here: http://www.cmsimple.dk/forum/viewtopic.php?t=6134

Version 1.0 Update: FCKEditor 2.5.1 by Connie Müller-Gödecke, December 2007

• FCKeditor CMSimple Special Edition is compiled and documentated by Connie Müller-Gödecke, http://www.webdeerns.de
• the support for multilingual-sites and the security-check, that only logged-in users may use the file-upload, are integrated by Holger Irmler
• the internal linking to CMSimple-internal pages was integrated by Klaus Treichler, http://www.treichler.at