-rw-r--r--README.txt6
-rw-r--r--fckeditor.module26
2 files changed, 26 insertions, 6 deletions
diff --git a/README.txt b/README.txt
index 6cefeab..41eab64 100644
--- a/README.txt
+++ b/README.txt
@@ -52,6 +52,12 @@ Configuration
3. Under settings, configure the fckeditor settings.
4. Grant permissions for use of FCKeditor in Administer > Access Control
+Security
+--------
+Note that enabling file uploads is a security risk. That's why there is a
+separate permission in Administer > Access Control for enabling the file
+browser to certain groups.
+
How to enable the imagebrowser (in FCKeditor 2.3.x)
---------------------------------------------------
The editor gives the end user the flexibility to create a custom file browser
diff --git a/fckeditor.module b/fckeditor.module
index 3c22f8b..024ed37 100644
--- a/fckeditor.module
+++ b/fckeditor.module
@@ -43,6 +43,8 @@ function fckeditor_help($section = '') {
case 'admin/help#fckeditor':
$output = t("<p>The FCKeditor module allows Drupal to replace textarea fields with a rich text or <acronym title=\"What You See Is What You Get\">WYSIWYG</acronym> editor. This editor brings many of the powerful functionalities of known desktop editors like Word to the web. It's relatively lightweight and doesn't require any kind of installation on the client computer.</p>
<p>More information is located at the %fckeditorlink. A small user guide is located at %userguidelink.</p>", array('%fckeditorlink'=>l(t('FCKeditor homepage'), 'http://www.fckeditor.net'), '%userguidelink'=>l(t('FCKeditor userguide'), 'http://wiki.fckeditor.net/UsersGuide')));
+ $output .= t('<h3>Security</h3>
+<p>Note that enabling file uploads is a security risk, please take care about to who and when you will grant access.</p>');
// the rest is untranslated for the moment
$output .= "<h3>How to enable the imagebrowser (in FCKeditor 2.3.x)</h3>
<p>The editor gives the end user the flexibility to create a custom file browser that can be integrated on it. The included file browser allows users to view the content of a specific directory on the server and add new content to that directory (create folders and upload files).</p>
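Review bot: The added help sentence `please take care about to who and when you will grant access` reads awkwardly, and because it sits inside `t()` it also becomes the translation source string, so it is worth fixing before it is frozen. Suggested replacement for that line: `<p>Note that enabling file uploads is a security risk; take care to whom and when you grant access.</p>`. The help text also describes the new permission as enabling "file uploads", which is worth checking against what the permission really gates in the later hunk of this file. fckeditor_help() begins and continues outside this hunk.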
@@ -60,7 +62,7 @@ function fckeditor_help($section = '') {
* Implementation of hook_perm
*/
function fckeditor_perm() {
- return array('use default fckeditor', 'use advanced fckeditor');
+ return array('use default fckeditor', 'use advanced fckeditor', 'allow fckeditor file uploads');
}
/**
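Review bot: The new permission `allow fckeditor file uploads` does not grant uploads as named: in the later hunk of this file the branch taken for holders of it still emits `LinkUpload`, `ImageUpload` and `FlashUpload` as `false` and only keeps the three `*BrowserURL` entries, so what it actually controls is visibility of the file browser. The help text added earlier in this file and the README addition both call it "file uploads", which will mislead administrators deciding whom to grant it to. Either rename it to match what it gates, e.g. `return array('use default fckeditor', 'use advanced fckeditor', 'allow fckeditor file browser');`, or enable the upload flags in the permitted branch so the name is true. If the browser page itself offers an upload form independent of these flags, that should be stated in the help text rather than implied by the permission name.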
@@ -236,14 +238,26 @@ var ".$js_id." = new FCKeditor( '".$element['#id']."' );
".$js_id.".BasePath = '".$module_full_path."/fckeditor/';
".$js_id.".Config['CustomConfigurationsPath'] = '".$module_full_path."/fckeditor.config.js';
".$js_id.".ToolbarSet = '".$toolbar."';
-".$js_id.".Height = '".$height."';";
+".$js_id.".Height = '".$height."';\n";
// add code for filebrowser for users that have access
- $element['#suffix'] .= "".$js_id.".Config['LinkBrowserURL'] = '".$module_full_path."/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/php/connector.php&ServerPath=/".variable_get("file_directory_path", 'files')."';
+ if (user_access('allow fckeditor file uploads')) {
+ $element['#suffix'] .= $js_id.".Config['LinkBrowserURL'] = '".$module_full_path."/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/php/connector.php&ServerPath=/".variable_get("file_directory_path", 'files')."';
".$js_id.".Config['ImageBrowserURL'] = '".$module_full_path."/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/php/connector.php&ServerPath=/".variable_get("file_directory_path", 'files')."';
-".$js_id.".Config['FlashBrowserURL'] = '".$module_full_path."/fckeditor/editor/filemanager/browser/default/browser.html?Type=Flash&Connector=connectors/php/connector.php&ServerPath=/".variable_get("file_directory_path", 'files')."';";
+".$js_id.".Config['FlashBrowserURL'] = '".$module_full_path."/fckeditor/editor/filemanager/browser/default/browser.html?Type=Flash&Connector=connectors/php/connector.php&ServerPath=/".variable_get("file_directory_path", 'files')."';
+".$js_id.".Config['LinkUpload'] = false;
+".$js_id.".Config['ImageUpload'] = false;
+".$js_id.".Config['FlashUpload'] = false;\n";
+ } else {
+ $element['#suffix'] .= $js_id.".Config['LinkBrowser'] = false;
+".$js_id.".Config['ImageBrowser'] = false;
+".$js_id.".Config['FlashBrowser'] = false;
+".$js_id.".Config['LinkUpload'] = false;
+".$js_id.".Config['ImageUpload'] = false;
+".$js_id.".Config['FlashUpload'] = false;\n";
+ }
- $element['#suffix'] .= "</script>";
+ $element['#suffix'] .= "</script>\n";
if (variable_get('fckeditor_popup', '0')) {
// Add the script file with the popup open function.
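Review bot: The `user_access('allow fckeditor file uploads')` check only selects which JavaScript configuration is written into `$element['#suffix']`; it does not itself restrict the connector referenced in the `*BrowserURL` strings (`connectors/php/connector.php`), so unless that connector performs its own Drupal permission check — not shown in this diff — the new permission is enforced client-side only and the README's claim that it restricts the browser "to certain groups" is overstated. A comment above the `if` should make that split explicit, e.g. `// Only controls the editor UI; the PHP connector must enforce this permission server-side.`, and the connector should be verified to call the same `user_access()`. Separately, `variable_get("file_directory_path", 'files')` is evaluated three times in the permitted branch; assigning it to a local before the `if` keeps the three URLs consistent. The enclosing function starts and ends outside this hunk.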
@@ -254,7 +268,7 @@ var ".$js_id." = new FCKeditor( '".$element['#id']."' );
// if no popup mode, add the editor
$element['#suffix'] .="<script type=\"text/javascript\">
".$js_id.".ReplaceTextarea();
-</script>";
+</script>\n";
}
}
return $element;