ckeditor bad config.js file


Sam-AUST


Hi guys, it appears the installed ckeditor and kcfinder bundle we have has a bad config.js file that links to admin - can anyone advise what the paths should be?

   config.filebrowserBrowseUrl = 'http://www.webdomain.com.au/admin/kcfinder/browse.php?type=files';
   config.filebrowserImageBrowseUrl = 'http://www.webdomain.com.au/admin/kcfinder/browse.php?type=images';
   config.filebrowserFlashBrowseUrl = 'http://www.webdomain.com.au/admin/kcfinder/browse.php?type=flash';
   config.filebrowserUploadUrl = 'http://www.webdomain.com.au/admin/kcfinder/upload.php?type=files';
   config.filebrowserImageUploadUrl = 'http://www.webdomain.au/admin/kcfinder/upload.php?type=images';
   config.filebrowserFlashUploadUrl = 'http://www.webdomain.com.au/admin/kcfinder/upload.php?type=flash';

The last thing anyone needs is having files, image files, etc. uploaded to admin when it is used.


What is the difference between "www.webdomain.au" and "www.webdomain.com.au"?
 

   config.filebrowserImageUploadUrl = 'http://www.webdomain.au/admin/kcfinder/upload.php?type=images';

:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email management with tracking pixel, package management for shipping, stock management, warehouse management with bar code reader, parcel shops management on 3000 pickup points without local store.


Please ignore that entry, that was nothing more than a typo when I changed the domain, it's the link to the admin in this contribution that is the security risk - it allows people to follow image paths direct to your (renamed) admin section.


According to the readme,

CKEDITOR.editorConfig = function( config ) {
   config.filebrowserBrowseUrl = '/admin/kcfinder/browse.php?type=files';
   config.filebrowserImageBrowseUrl = '/admin/kcfinder/browse.php?type=images';
   config.filebrowserFlashBrowseUrl = '/admin/kcfinder/browse.php?type=flash';
   config.filebrowserUploadUrl = '/admin/kcfinder/upload.php?type=files';
   config.filebrowserImageUploadUrl = '/admin/kcfinder/upload.php?type=images';
   config.filebrowserFlashUploadUrl = '/admin/kcfinder/upload.php?type=flash';
};




NOTE: If your site resides in a subdirectory it is sometimes necessary (depending on server) to give the full path URL


The contribution then uploads images to a folder within your admin and anyone from the front can then see your admin location - surely that isn't how it is intended?

 

This comes with the CKEditor contribution, it's a bit of a worry!!


Of course it is possible to move the upload directory to the "catalog" side, for example make a directory upload and define the path uploadURL in the config php.

 

It was explained in the text file also;

The upload settings can be found in the /kcfinder/config.php. By default any image will be uploaded to /admin/kcfinder/upload/images/, which I personally do not like; better to put them in the catalog/images/ where they belong, as over the years they may gather, although it is possible to browse and delete from the admin ckeditor, so up to you.

  • 2 months later...
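
Added example, not part of the thread or of the contribution's own code: a Node.js check for the two problems discussed above, `filebrowser*Url` settings that hard-code a host (including hosts that disagree with each other) and storefront image or link URLs that sit under the admin directory. The domains, the admin directory `/admin_x7`, and both function names are assumptions, and the sample inputs are constructed.

```javascript
// Added example. Sample inputs are constructed; /admin_x7 and the domains are placeholders.
const SAMPLE_CONFIG = `
CKEDITOR.editorConfig = function( config ) {
   config.filebrowserBrowseUrl = 'http://www.example.com.au/admin_x7/kcfinder/browse.php?type=files';
   config.filebrowserImageUploadUrl = 'http://www.example.au/admin_x7/kcfinder/upload.php?type=images';
   config.filebrowserUploadUrl = 'kcfinder/upload.php?type=files';
};`;
const SAMPLE_PAGE = `
<img src="/images/logo.png">
<img src="/admin_x7/kcfinder/upload/images/banner.jpg">
<a href="http://www.example.com.au/admin_x7/kcfinder/upload/files/terms.pdf">Terms</a>`;

// Report filebrowser*Url settings that hard-code a host, and hosts that disagree
// with each other (the kind of typo discussed in the thread).
function auditEditorConfig(text) {
  const re = /config\.(filebrowser\w+Url)\s*=\s*(['"])(.*?)\2/g;
  const findings = [];
  const hosts = new Set();
  for (const [, key, , value] of text.matchAll(re)) {
    const abs = /^https?:\/\/([^\/]+)/i.exec(value);
    if (!abs) continue; // relative URL: nothing host-specific to check
    hosts.add(abs[1].toLowerCase());
    findings.push(`${key}: absolute URL on ${abs[1]}`);
  }
  if (hosts.size > 1) findings.push(`inconsistent hosts: ${[...hosts].sort().join(', ')}`);
  return findings;
}

// List src/href URLs in storefront HTML whose path sits under the admin directory.
function findAdminPathLeaks(html, adminDir) {
  const prefix = adminDir.replace(/\/+$/, '') + '/';
  const re = /\b(?:src|href)\s*=\s*(['"])(.*?)\1/gi;
  const leaks = [];
  for (const [, , url] of html.matchAll(re)) {
    const path = url.replace(/^(?:https?:)?\/\/[^\/]+/i, ''); // drop scheme and host
    if (path.startsWith(prefix)) leaks.push(url);
  }
  return leaks;
}

console.log(auditEditorConfig(SAMPLE_CONFIG));
console.log(findAdminPathLeaks(SAMPLE_PAGE, '/admin_x7'));
```

Run it against the real config.js text and a saved copy of a catalog page, passing your own admin directory as the second argument.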

 


Hi Bert, how should the upload URL be shown? Mine just says:

 

    'uploadURL' => "upload",
    'uploadDir' => "",
 
I tried some variations, but nothing uploads ever and the "browse server" button always takes me to the front page of the website, so it doesn't work at all.

Here is my working config from ckeditor and kcfinder

 

ext/ckeditor/config.js

CKEDITOR.editorConfig = function( config ) {
   config.filebrowserBrowseUrl = 'kcfinder/browse.php?type=files';
   config.filebrowserImageBrowseUrl = 'kcfinder/browse.php?type=images';
   config.filebrowserFlashBrowseUrl = 'kcfinder/browse.php?type=flash';
   config.filebrowserUploadUrl = 'kcfinder/upload.php?type=files';
   config.filebrowserImageUploadUrl = 'kcfinder/upload.php?type=images';
   config.filebrowserFlashUploadUrl = 'kcfinder/upload.php?type=flash';
};

and from adminroot kcfinder config.php

 

    'uploadDir' => "",

  • 3 weeks later...
  • 1 month later...

@Fiber can I ask you, do you find on the catalog side of your stores with kcfinder that kcfinder sets 7 different cookies? It is showing in chrome and it seems strange to me that it does this. It may also put cookie-phobes off the website. I hardly use the kcfinder for uploading as I tend to ftp things and then link to them that way.

 

Could you check your sites? It shows with a ! in chrome and you can see the cookies easily there.
