What's wrong with FCK Editor...?

New Member Joined: Jun 25, 2005 Posts: 1

Hi!

Ive been trying to make work the FCK Editor over PHP-Nuke 7.6 and I couldnt... I always get the error exposed in the attached image.

Then, i decided to install the new RC4 Premium pack, which includes the FCK Editor and Spaw. I thought it was gonna be easy, but I am getting the same f***ing error!!!

I think, maybe could be because Im running my website from http://www.gazpachu.com/portal , but I changed this path in the Spaw_control.php...

I dont know what else to do.

HELP PLEASE!!!

Many thanks!.
Joan, Spain.

Ok.. now Its fixed... You have to fix the basepath in the FCKEditor.php.

Now the problem is that there is no button to submit the article in the admin menu... So, when I check the article somebody wrote, I can accept it... I just see the preview and that's it!

Sad

registered · Regular Joined: May 28, 2005 Posts: 90

try the version i ported on my site Smile

Posted: Mon Jul 18, 2005 9:02 pm

Manuel I'm running to give it a look too. I found after the lateset greatest IE6 updates and win2k SP5 patches the one I was using will only work in FireFox. Hope this is the cure I really like it when it works lol!

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Six! Very nice to see you again...

I modified the FCKeditor module for PHP-Nuke to work with many different functions (7, with at least 10 more to go) on a test server as a function, rather than only as a news submission module. I need to address some security issues, but otherwise it is working well with both Internet Exploder (pun intended) and Firefox. I hope to make this all available to anyone interested as soon as the security issues are addressed.

Posted: Tue Jul 19, 2005 4:31 am

kguske
You can count me in as *interested*. I'm currently using SPAW but am concerned with the security issues with having to add additional 'allowable' html tags to the array in config.php in order to get the functionality I need.

Posted: Tue Jul 19, 2005 5:42 am

Unfortunately, the FCKeditor approach requires changes to allowable HTML, too. That array might be too restrictive in it's default form, so I'm trying to strike a happy medium, but am looking also at alternatives. I'm also trying to restrict certain FCKeditor functions to which you wouldn't want a news submitter to have access.

As with SPAW and others, some Nuke functions like content administration need to be modified to avoid slower page loads that occur when you load a WYSIWYG editor 6 times on the same page. But those changes improve the efficiency of those pages even without a WYSIWYG editor, IMO, by focusing on specific tasks rather than trying to accomplish ALL possible tasks on the same page.

Contenudo (the content module replacement from the current developers of CNB Your Account) implements FCKeditor (and hopefully addresses these issues) - but I didn't use it for several reasons:

The FCKeditor module from phpnuker.de addresses security by turning off all functions that affect security. There has to be a way to provide some of those additional functions while addressing the specific security issues they raise. Currently, I turn off some functions that impact security for regular users, but give admins full access (limited somewhat by an expanded allowable html array).

Posted: Tue Jul 19, 2005 9:20 am

Yes it would seem prudent to use some sort if admin authority permission check for additional allowable html tags.
Perhaps 2 arrays might be benficial;
if admin use array2 else array1
Not being knowledgable enough with PHP I can only think logically rather than through the knowledge and vagarities of PHP programmer.
However, I'll wish you good look and look forward to more posts on this subject.

Posted: Tue Jul 19, 2005 10:17 am

The problem is that the current allowable html tags approach prevents valid html tags that are used by default in the WYSIWYG editor. So, if we use a more restrictive array for non-admins, WYSIWYG editors won't work. We could limit the WYSIWYG editor to just admins, but my initial approach was to allow some additional tags - but not all. I allow admins to have full FCKeditor functionality, which includes both file editing and uploading, but don't allow non-admins to access this functionality.

The approach used in 7.7 and 7.8 was to disable this allowable html tags check altogether, opening up security holes.

There has to be a happy medium somewhere...

Posted: Tue Jul 19, 2005 10:40 am

I've been using kses (renamed to prevent conflicts) as the check_html function in mainfile.php. There are still some limitations but it goes a long way towards the desired result (universally safer html tags).

With FCK I removed the color selector and used the xml styles for a color menu. Not a 100% solution but it was (Until IE crashed) a good compromise of usability and security.

Really looking forward to trying your test site because otherwise I'll be looking at htmlArea again and probably switching back and forth based on browser detection. (Yuck) which makes file uploading a real mess between the 2 locations.

I know XIA has released a bbcode news that could be setup to work universally too but I prefer the html myself.

~sixonetonoffun

Posted: Tue Jul 19, 2005 12:03 pm

kses? Please PM some info on that or a link. I'll pm a link to the test site (it's not properly secured, or I'd post the link here), but I suspect you are further along. I've simply added some configuration groups and implemented the class in several places.