FCKEditor

FCKEditor is one of the lightweight RTF-Editors (RichTextEditors) which can be integrated into webapplications. Its outstanding advantage is the ability to manage file-upload and file-integration as well as comfortable link-management.

FCKeditor CMSimple Special Edition comes with FCKEditor 2.6, released april 2008.
FCKeditor CMSimple Special Edition is tested with CMSimple 2.9 and higher.

FCKEditor Integration in CMSimple

The integration into CMSimple is easy:
upload the directory FCKeditor to your CMSimple installation and add the file fckeditor.php to the cmsimple-directory. Set “fckeditor” as default editor in Settings.

The FCKeditor CMSimple Special Edition contains only those files, which are needed for integration into a PHP-application, the files for ASP, PERL etc. are stripped, so the package is lighter than the original package.

Special Features

link to internal CMSimple sites
support of multilingual installation with the editor
integrate or upload and integrate images
integrate or upload and integrate FLV- and MP3-Files
integrate or upload and integrate Flash
integrate or upload and integrate files, which you want to offer as downloads
easy link-management
linkmanagement for CMSimple Links supported as well, also in additional languages

The ZIP comes with a detailled installation manual plus additional documentation, explaining the configuration options of FCKeditor for CMSimple.

Links and Downloads

The homepage of FCKeditor: http://www.fckeditor.net

Download FCKeditor CMSimple Special Edition here:
www.webdeerns.de

Security Information

As there are some potential security risks because of the fileupload capability of FCKEditor, some precaution must be used. The task is to avoid file uploads by unauthenticated users.

Update: Now the biggest risk is blocked: only the logged-in user can use the upload-feature, for all other users the upload is disabled. But it is still good use to protect your directories...

So, what has to be done?

1. Take care that you do not allow any dangerous fileformat to be uploaded, especially no .php or .exe-extension should be allowed. in FCKeditor/editor/filemanager/connectors/php/config.php check these lines: take care that only media-filetypes will be allowed!

$Config[’AllowedExtensions’][’Image’] = array(’gif’,’jpeg’,’jpg’,’png’) ; $Config[’AllowedExtensions’][’Flash’] = array(’swf’,’flv’,’mp3’) ; $Config[’AllowedExtensions’][’Media’] = array(’aiff’, ‘asf’, ‘avi’, ‘bmp’, ‘fla’, ‘flv’, ‘gif’, ‘jpeg’, ‘jpg’, ‘mid’, ‘mov’, ‘mp3’, ‘mp4’, ‘mpc’, ‘mpeg’, ‘mpg’, ‘png’, ‘qt’, ‘ram’, ‘rm’, ‘rmi’, ‘rmvb’, ‘swf’, ‘tif’, ‘tiff’, ‘wav’, ‘wma’, ‘wmv’) ; $Config[’AllowedExtensions’][’File’] = array(’7z’, ‘aiff’, ‘asf’, ‘avi’, ‘bmp’, ‘csv’, ‘doc’, ‘fla’, ‘flv’, ‘gif’, ‘gz’, ‘gzip’, ‘jpeg’, ‘jpg’, ‘mid’, ‘mov’, ‘mp3’, ‘mp4’, ‘mpc’, ‘mpeg’, ‘mpg’, ‘ods’, ‘odt’, ‘pdf’, ‘png’, ‘ppt’, ‘pxd’, ‘qt’, ‘ram’, ‘rar’, ‘rm’, ‘rmi’, ‘rmvb’, ‘rtf’, ‘sdc’, ‘sitd’, ‘swf’, ‘sxc’, ‘sxw’, ‘tar’, ‘tgz’, ‘tif’, ‘tiff’, ‘txt’, ‘vsd’, ‘wav’, ‘wma’, ‘wmv’, ‘xls’, ‘xml’, ‘zip’) ;

2. to check the upload system, you will find the following 2 files in FCKeditor/editor/filemanager/connectors/ test.html.txt
uploadtest.html.txt

if you whish to test the upload-capability and find out about the target-folders for the upload, rename at least one of these files to test.html or uploadtest.html and call this file in the browser, choose php as language and test. After testing, rename these files or delete them on the server

3. and that is most important: Password-Protect the folder /FCKeditor/editor/filemanager/connectors/php/

to do this, use either the administration-panel of your webspace (mostly you will find the topic “password protect directories” there)

or use a .htaccess-generator which you might find here: www.webmaster-toolkit.com

Following these 3 steps, your FCKeditor-Integration will be safe that nobody uploads any files. Only the fileupload from the editor directly inside CMSimple after logging in will be possible.

Tip: in case that image-uploads won't work

it could happen that the file-upload to your image-directory \images in the CMSimple-Root is not supported, but uploading MP3 or Flash to the other directories is possible.

Why? The answer is simple but not easy to find:

there are only graphic-filetypes allowed for the image-directory: gif|jpeg|png|bmp but not html, but the standard-CMSimple installation sets an index.html into the image-directory to prevent occasional directory-listing.

Solution: delete all html-files in the image-directory!

Credits

FCKeditor CMSimple Special Edition is compiled and documentated by Connie Müller-Gödecke, http://www.webdeerns.de
the support for multilingual-sites and the security-check, that only logged-in users may use the file-upload, are integrated by Holger
the internal linking to CMSimple-internal pages was integrated by Klaus Treichler, http://www.treichler.at

editors/fckeditor_modified.txt · Last modified: 2008/04/20 00:00 by conniemuellergoedecke