With FCKeditor you can hack a site without problems if folder permissions are not well configured.
http://www.fckeditor.net/FCKeditor/edit ... rverPath=/
Here you can see the whole site, and if your web server has write permissions you can upload files. If someone uploads a php file to some server with write permissions like this.... <? rm -R -f * ?>
RE: Security problem!!!!
Now, the above link is not working anymore.
FredCK
Frederico Knabben
CKEditor Project Lead and CKSource Owner
RE: Security problem!!!!
/Jay
RE: Security problem!!!!
Take a look at this page... you will find the files there (attention to carriage returns):
http://sourceforge.net/tracker/index.ph ... tid=543653
FredCK
Frederico Knabben
CKEditor Project Lead and CKSource Owner
RE: Security problem!!!!
You could add to config.php:
$Config['AllowedTypes'] = array('File', 'Image', 'Flash', 'Media',....) ; //All types you want
And change in connector.php:
// Check if it is an allowed type.
if ( !in_array( $sResourceType, $Config['AllowedTypes']) )
return ;
With this modification you only have to edit config.php to add a new type.
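
An added example, not part of the thread and not FCKeditor's own code: the type allowlist suggested above, extended with a per-type extension check so that a PHP file is refused even when it is sent under an allowed resource type. Only `$Config['AllowedTypes']` comes from the post; `AllowedExtensions`, both function names and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not FCKeditor's own code. Only $Config['AllowedTypes'] comes from
// the post above; every other key, function and sample value is hypothetical.
$Config = array(
    'AllowedTypes'      => array('File', 'Image', 'Flash', 'Media'),
    'AllowedExtensions' => array(              // assumption: per-type allowlist
        'File'  => array('pdf', 'txt', 'zip'),
        'Image' => array('gif', 'jpg', 'jpeg', 'png'),
        'Flash' => array('swf'),
        'Media' => array('mp3', 'mp4', 'avi'),
    ),
);

function isAllowedType(array $config, $type)
{
    // is_string() rejects array-valued request parameters; strict in_array()
    // avoids PHP's loose comparison rules.
    return is_string($type) && in_array($type, $config['AllowedTypes'], true);
}

function isAllowedUpload(array $config, $type, $fileName)
{
    if (!isAllowedType($config, $type) || !is_string($fileName)) {
        return false;
    }
    // Keep only the final path component, whichever separator the client sent.
    $name = basename(str_replace('\\', '/', $fileName));
    if ($name === '' || $name[0] === '.' || strpos($name, "\0") !== false) {
        return false;
    }
    // Conservative policy: every dot-separated suffix must be allowlisted for
    // this type, so "shell.php" and "shell.php.jpg" are both refused.
    $suffixes = array_slice(explode('.', strtolower($name)), 1);
    $allowed  = isset($config['AllowedExtensions'][$type]) ? $config['AllowedExtensions'][$type] : array();
    return count($suffixes) > 0 && count(array_diff($suffixes, $allowed)) === 0;
}

// Constructed sample requests: (resource type, client-supplied file name).
$samples = array(
    array('Image', 'logo.png'), array('Image', 'shell.php'),
    array('Image', 'shell.php.jpg'), array('Script', 'a.txt'), array(array('File'), 'a.txt'),
);
foreach ($samples as $s) {
    echo json_encode($s), ' => ', isAllowedUpload($Config, $s[0], $s[1]) ? 'accept' : 'reject', "\n";
}
```

Only the first sample is accepted. The all-suffixes rule also rejects harmless names such as `report.v2.pdf`, which is the trade-off for not depending on how the web server maps multiple extensions to handlers.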