| | 1 | = Server Side Integration Status = |
| | 2 | This page aims to document the status of all server side implementations available in the FCKeditor. The !JavaScript implantation is also included. In this way all implementation will have the same expected quality level, simplifying also the introduction of new features in all languages. |
| | 3 | |
| | 4 | You will find list of features required for all integration languages, separated in the following blocks: |
| | 5 | |
| | 6 | * '''FCKeditor Creator''': the API used to create FCKeditor instances and load them in a page. |
| | 7 | * '''File Browser Connector and Quick Uploader''': the communication system for the generic File Browser and Quick Uploader interfaces |
| | 8 | * '''Other''': other features related to the integration |
| | 9 | |
| | 10 | |
| | 11 | |
| | 12 | == FCKeditor Creator == |
| | 13 | |
| | 14 | || ||AFP ||ASP ||ASP.Net||!ColdFusion||Java ||Lasso ||Perl ||PHP ||Python||!JavaScript|| |
| | 15 | ||Instance Creator System || X || X || X || || X || X || || X || || X || |
| | 16 | ||!BasePath || || || || || X || X || || X || || X || |
| | 17 | ||"Create()" function || X || X || X || || X || X || || X || || X || |
| | 18 | ||"!CreateHtml()" function|| X || || || || || || || X || || X || |
| | 19 | ||Configuration Object || X || X || X || || X || X || || X || || X || |
| | 20 | ||"FCKeditor_!IsCompatibleBrowser()" function || X || || || || || X || || || || X || |
| | 21 | |
| | 22 | ==== Instance Creator System ==== |
| | 23 | |
| | 24 | A language compatible implementation to create FCKeditor instances, according to the Developer’s Guide specifications (http://wiki.fckeditor.net/Developer%27s_Guide/Participating/Server_Side_Integration#Creator). The !BasePath, Width, Height, !ToolbarSet and Value properties are required. |
| | 25 | |
| | 26 | A similar implementation must be provided in a TAG based server side language. |
| | 27 | |
| | 28 | ==== BasePath ==== |
| | 29 | |
| | 30 | The integration file must point, by default, to the "/fckeditor/" folder (lowercased). |
| | 31 | |
| | 32 | ==== "Create()" function ==== |
| | 33 | |
| | 34 | The Create() function which outputs the editor HTML in the place where the function is called. It can be also replaced by a TAG based system. |
| | 35 | |
| | 36 | ==== "CreateHtml()" function ==== |
| | 37 | |
| | 38 | The !CreateHtml() function which retrieves the editor HTML so developers can use it in other ways in their code. |
| | 39 | |
| | 40 | ==== Configuration Object ==== |
| | 41 | |
| | 42 | A collection or object which holds configurations set in the moment of the instance creation. For example, by calling "oFCKeditor.Config[‘!FullPage’] = true" in the !JavaScript integration. This object must accept Boolean, String and Integer values. |
| | 43 | |
| | 44 | The integration must be "smart", depending on the specific language features. For example, with ASP.Net, setting like "!CustomConfigurationsPath" can be set to something like "~/myconfig.js", where the tilde must be resolved in the server side to point to the application root. |
| | 45 | |
| | 46 | We are aware about limitations of the current system. It is not possible to set new toolbars, !ProtectedSource or any object or array based configuration. We’ll most probably be implementing a JSON compatible system soon. |
| | 47 | |
| | 48 | ==== "FCKeditor_IsCompatibleBrowser()" function ==== |
| | 49 | |
| | 50 | The integration must provide a generic FCKeditor_!IsCompatibleBrowser() function that is independent of the instance creation. In this way developers can check the FCKeditor compatibility for their own needs, without having to create an editor instance. |
| | 51 | |
| | 52 | |
| | 53 | |
| | 54 | == File Browser Connector and Quick Uploader == |
| | 55 | |
| | 56 | Note: As of version 2.4, the quick uploader will use the File Browse connector uploading features. We will be working on it soon. |
| | 57 | |
| | 58 | || ||AFP ||ASP ||ASP.Net||!ColdFusion||Java ||Lasso ||Perl ||PHP ||Python|| |
| | 59 | ||Basic Commands || || X || X || || || X || || X || || |
| | 60 | ||Explicit Activation || || X || || || || || || X || || |
| | 61 | ||Configuration File || || X || || || || X || || X || || |
| | 62 | |
| | 63 | Security Checks: |
| | 64 | |
| | 65 | || ||AFP ||ASP ||ASP.Net||!ColdFusion||Java ||Lasso ||Perl ||PHP ||Python|| |
| | 66 | ||Allowed Type || || X || || || || || || X || || |
| | 67 | ||Avoid paths with ".." || || X || || || || || || X || || |
| | 68 | ||!ForceSingleExtension || || || || || || || || X || || |
| | 69 | ||Check Allowed Extension || || X || || || || X || || X || || |
| | 70 | |
| | 71 | |
| | 72 | ==== Basic Commands ==== |
| | 73 | |
| | 74 | Implementation of the connector basic commands: !GetFolders, !GetFoldersAndFiles, !CreateFolder and !FileUpload. |
| | 75 | |
| | 76 | ==== Explicit Activation ==== |
| | 77 | |
| | 78 | All connectors must be explicitly activated by the users. There are many people out there using FCKeditor that are not even aware about the existence of the connectors. If the connectors are enabled by default, hackers can use them to upload files to the server without users notice. |
| | 79 | |
| | 80 | ==== Configuration File ==== |
| | 81 | |
| | 82 | Many features of the connector must be configurable by the developers with easy. The PHP configuration file can be used as the base of the required configurable settings. |
| | 83 | |
| | 84 | ==== Allowed Type ==== |
| | 85 | |
| | 86 | Check if and allowed file Type has been requested. For now, the allowed types are: File, Image, Flash and Media. If not specified, it defaults to "File". This list may be more flexible in the future. |
| | 87 | |
| | 88 | ==== Avoid paths with ".." ==== |
| | 89 | |
| | 90 | To avoid hackers accessing unauthorized path like "../../../", we must refuse any request for Folders with two points in the path. |
| | 91 | |
| | 92 | ==== !ForceSingleExtension ==== |
| | 93 | |
| | 94 | Another security issue may be found if users upload files named like "hacked.php.txt". Connectors may check that file as a "txt" file, but they can be configured in the server to be processed as a "php" file. So, we should rename the file to "hacked_php.txt", replacing dots with underscore, leaving only the last one. This check should be configurable. |
| | 95 | |
| | 96 | ==== Check Allowed Extension ==== |
| | 97 | |
| | 98 | This is the most important check on uploads. The file extension must be checked by type, as defined in the configuration file. The default configurations must mach those in the PHP configuration file. |
| | 99 | |
| | 100 | |
| | 101 | |
| | 102 | == Other == |
| | 103 | |
| | 104 | || ||AFP ||ASP ||ASP.Net||!ColdFusion||Java ||Lasso ||Perl ||PHP ||Python||!JavaScript|| |
| | 105 | ||Samples || X || X || || || || X || || X || || X || |
| | 106 | ||Documentation || X || X || X || || || || || X || || X || |
| | 107 | |
| | 108 | |
| | 109 | ==== Samples ==== |
| | 110 | |
| | 111 | All implementation should provide samples from 01 to 04, compatible with the "html" samples. |
| | 112 | |
| | 113 | ==== Documentation ==== |
| | 114 | |
| | 115 | At our Wiki (http://wiki.fckeditor.net), there is a dedicated section in the TOC for the server side integration with very basic documentation. Every integration should have its page there. The ASP.Net and PHP pages can be used as a base for the structure. |
| | 116 | |
| | 117 | There is very restricted access to the TOC page, so if your page is missing there, just ask FredCK to add it there once you have completed it. |
