Server Side Integration Status
This page aims to document the status of all server side implementations available in the FCKeditor. The JavaScript implantation is also included. In this way all implementation will have the same expected quality level, simplifying also the introduction of new features in all languages.
You will find list of features required for all integration languages, separated in the following blocks:
- FCKeditor Creator: the API used to create FCKeditor instances and load them in a page.
- File Browser Connector and Quick Uploader: the communication system for the generic File Browser and Quick Uploader interfaces
- Other: other features related to the integration
FCKeditor Creator
AFP | ASP | ASP.Net | ColdFusion | Java | Lasso | Perl | PHP | Python | JavaScript | |
Instance Creator System | X | X | X | X | X | X | X | X | ||
BasePath | X | X | X | X | X | X | X | |||
"Create()" function | X | X | X | X | X | X | X | X | ||
"CreateHtml()" function | X | X | X | X | X | X | X | |||
Configuration Object | X | X | X | X | X | X | X | X | ||
"FCKeditor_IsCompatibleBrowser()" function | X | X | X | X | X | X | X | X |
Instance Creator System
A language compatible implementation to create FCKeditor instances, according to the Developer’s Guide specifications (http://wiki.fckeditor.net/Developer%27s_Guide/Participating/Server_Side_Integration#Creator). The BasePath, Width, Height, ToolbarSet and Value properties are required.
A similar implementation must be provided in a TAG based server side language.
BasePath
The integration file must point, by default, to the "/fckeditor/" folder (lowercased).
"Create()" function
The Create() function which outputs the editor HTML in the place where the function is called. It can be also replaced by a TAG based system.
"CreateHtml()" function
The CreateHtml() function which retrieves the editor HTML so developers can use it in other ways in their code.
Configuration Object
A collection or object which holds configurations set in the moment of the instance creation. For example, by calling "oFCKeditor.Config!FullPage? = true" in the JavaScript integration. This object must accept Boolean, String and Integer values.
The integration must be "smart", depending on the specific language features. For example, with ASP.Net, setting like "CustomConfigurationsPath" can be set to something like "~/myconfig.js", where the tilde must be resolved in the server side to point to the application root.
We are aware about limitations of the current system. It is not possible to set new toolbars, ProtectedSource or any object or array based configuration. We’ll most probably be implementing a JSON compatible system soon.
"FCKeditor_IsCompatibleBrowser()" function
The integration must provide a generic FCKeditor_IsCompatibleBrowser() function that is independent of the instance creation. In this way developers can check the FCKeditor compatibility for their own needs, without having to create an editor instance.
File Browser Connector and Quick Uploader
Note: As of version 2.5, the quick uploader will use the File Browse connector uploading features.
AFP | ASP | ASP.Net | ColdFusion | Java | Lasso | Perl | PHP | Python | |
Basic Commands | X | X | X | X | X | X | |||
Explicit Activation | X | X | X | X | X | ||||
Configuration File | X | X | X | X | X | X |
Security Checks:
AFP | ASP | ASP.Net | ColdFusion | Java | Lasso | Perl | PHP | Python | |
Allowed Type | X | X | X | X | X | ||||
Avoid paths with ".." | X | X | X | X | X | ||||
ForceSingleExtension | X | X | X | X | X | ||||
Check Allowed Extension | X | X | X | X | X | X | |||
Check images | X | X | X | X | X |
Basic Commands
Implementation of the connector basic commands: GetFolders, GetFoldersAndFiles, CreateFolder and FileUpload.
Explicit Activation
All connectors must be explicitly activated by the users. There are many people out there using FCKeditor that are not even aware about the existence of the connectors. If the connectors are enabled by default, hackers can use them to upload files to the server without users notice.
Configuration File
Many features of the connector must be configurable by the developers with easy. The PHP configuration file can be used as the base of the required configurable settings.
Allowed Type
Check if and allowed file Type has been requested. For now, the allowed types are: File, Image, Flash and Media. If not specified, it defaults to "File". This list may be more flexible in the future.
Avoid paths with ".."
To avoid hackers accessing unauthorized path like "../../../", we must refuse any request for Folders with two points in the path.
ForceSingleExtension
Another security issue may be found if users upload files named like "hacked.php.txt". Connectors may check that file as a "txt" file, but they can be configured in the server to be processed as a "php" file. So, we should rename the file to "hacked_php.txt", replacing dots with underscore, leaving only the last one. This check should be configurable.
Check Allowed Extension
This is the most important check on uploads. The file extension must be checked by type, as defined in the configuration file. The default configurations must match those in the PHP configuration file.
Check images
If you get a HTML page, rename it to .jpg, for example, and load it into IE, it will open the HTML page, instead of showing an invalid image. So, for image files, a check must be done to ensure those are really images.
Other
AFP | ASP | ASP.Net | ColdFusion | Java | Lasso | Perl | PHP | Python | JavaScript | |
Samples | X | X | X | X | X | X | X | X | X | |
Documentation | X | X | X | X | X | X |
Samples
All implementation should provide samples from 01 to 04, compatible with the "html" samples 01, 03, 04 and 05.
Documentation
At our Wiki (http://wiki.fckeditor.net), there is a dedicated section in the TOC for the server side integration with very basic documentation. Every integration should have its page there. The ASP.Net and PHP pages can be used as a base for the structure.
There is very restricted access to the TOC page, so if your page is missing there, just ask FredCK to add it there once you have completed it.