Changes between Initial Version and Version 1 of ServerSideStatus


Ignore:
Timestamp:
Dec 14, 2006, 10:58:43 AM (13 years ago)
Author:
Frederico Caldeira Knabben
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ServerSideStatus

    v1 v1  
     1= Server Side Integration Status =
     2This page aims to document the status of all server side implementations available in the FCKeditor. The !JavaScript implantation is also included. In this way all implementation will have the same expected quality level, simplifying also the introduction of new features in all languages.
     3
     4You will find list of features required for all integration languages, separated in the following blocks:
     5
     6 * '''FCKeditor Creator''': the API used to create FCKeditor instances and load them in a page.
     7 * '''File Browser Connector and Quick Uploader''': the communication system for the generic File Browser and Quick Uploader interfaces
     8 * '''Other''': other features related to the integration
     9
     10
     11
     12== FCKeditor Creator ==
     13
     14||                        ||AFP   ||ASP   ||ASP.Net||!ColdFusion||Java  ||Lasso ||Perl  ||PHP   ||Python||!JavaScript||
     15||Instance Creator System ||  X   ||  X   ||  X    ||           ||  X   ||  X   ||      ||  X   ||      ||  X        ||
     16||!BasePath               ||      ||      ||       ||           ||  X   ||  X   ||      ||  X   ||      ||  X        ||
     17||"Create()" function     ||  X   ||  X   ||  X    ||           ||  X   ||  X   ||      ||  X   ||      ||  X        ||
     18||"!CreateHtml()" function||  X   ||      ||       ||           ||      ||      ||      ||  X   ||      ||  X        ||
     19||Configuration Object    ||  X   ||  X   ||  X    ||           ||  X   ||  X   ||      ||  X   ||      ||  X        ||
     20||"FCKeditor_!IsCompatibleBrowser()" function ||  X   ||      ||       ||           ||      ||  X   ||      ||      ||      ||  X        ||
     21
     22==== Instance Creator System ====
     23
     24A language compatible implementation to create FCKeditor instances, according to the Developer’s Guide specifications (http://wiki.fckeditor.net/Developer%27s_Guide/Participating/Server_Side_Integration#Creator). The !BasePath, Width, Height, !ToolbarSet and Value properties are required.
     25
     26A similar implementation must be provided in a TAG based server side language.
     27
     28==== BasePath ====
     29
     30The integration file must point, by default, to the "/fckeditor/" folder (lowercased).
     31
     32==== "Create()" function ====
     33
     34The Create() function which outputs the editor HTML in the place where the function is called. It can be also replaced by a TAG based system.
     35
     36==== "CreateHtml()" function ====
     37
     38The !CreateHtml() function which retrieves the editor HTML so developers can use it in other ways in their code.
     39
     40==== Configuration Object ====
     41
     42A collection or object which holds configurations set in the moment of the instance creation. For example, by calling "oFCKeditor.Config[‘!FullPage’] = true" in the !JavaScript integration. This object must accept Boolean, String  and Integer values.
     43
     44The integration must be "smart", depending on the specific language features. For example, with ASP.Net, setting like "!CustomConfigurationsPath" can be set to something like "~/myconfig.js", where the tilde must be resolved in the server side to point to the application root.
     45
     46We are aware about limitations of the current system. It is not possible to set new toolbars, !ProtectedSource or any object or array based configuration. We’ll most probably be implementing a JSON compatible system soon.
     47
     48==== "FCKeditor_IsCompatibleBrowser()" function ====
     49
     50The integration must provide a generic FCKeditor_!IsCompatibleBrowser() function that is independent of the instance creation. In this way developers can check the FCKeditor compatibility for their own needs, without having to create an editor instance.
     51
     52
     53
     54== File Browser Connector and Quick Uploader ==
     55
     56Note: As of version 2.4, the quick uploader will use the File Browse connector uploading features. We will be working on it soon.
     57
     58||                        ||AFP   ||ASP   ||ASP.Net||!ColdFusion||Java  ||Lasso ||Perl  ||PHP   ||Python||
     59||Basic Commands          ||      ||  X   ||  X    ||           ||      ||  X   ||      ||  X   ||      ||
     60||Explicit Activation     ||      ||  X   ||       ||           ||      ||      ||      ||  X   ||      ||
     61||Configuration File      ||      ||  X   ||       ||           ||      ||  X   ||      ||  X   ||      ||
     62
     63Security Checks:
     64
     65||                        ||AFP   ||ASP   ||ASP.Net||!ColdFusion||Java  ||Lasso ||Perl  ||PHP   ||Python||
     66||Allowed Type            ||      ||  X   ||       ||           ||      ||      ||      ||  X   ||      ||
     67||Avoid paths with ".."   ||      ||  X   ||       ||           ||      ||      ||      ||  X   ||      ||
     68||!ForceSingleExtension   ||      ||      ||       ||           ||      ||      ||      ||  X   ||      ||
     69||Check Allowed Extension ||      ||  X   ||       ||           ||      ||  X   ||      ||  X   ||      ||
     70
     71
     72==== Basic Commands ====
     73
     74Implementation of the connector basic commands: !GetFolders, !GetFoldersAndFiles, !CreateFolder and !FileUpload.
     75
     76==== Explicit Activation ====
     77
     78All connectors must be explicitly activated by the users. There are many people out there using FCKeditor that are not even aware about the existence of the connectors. If the connectors are enabled by default, hackers can use them to upload files to the server without users notice.
     79
     80==== Configuration File ====
     81
     82Many features of the connector must be configurable by the developers with easy. The PHP configuration file can be used as the base of the required configurable settings.
     83
     84==== Allowed Type ====
     85
     86Check if and allowed file Type has been requested. For now, the allowed types are: File, Image, Flash and Media. If not specified, it defaults to "File". This list may be more flexible in the future.
     87
     88==== Avoid paths with ".." ====
     89
     90To avoid hackers accessing unauthorized path like "../../../", we must refuse any request for Folders with two points in the path.
     91
     92==== !ForceSingleExtension ====
     93
     94Another security issue may be found if users upload files named like "hacked.php.txt". Connectors may check that file as a "txt" file, but they can be configured in the server to be processed as a "php" file. So, we should rename the file to "hacked_php.txt", replacing dots with underscore, leaving only the last one. This check should be configurable.
     95
     96==== Check Allowed Extension ====
     97
     98This is the most important check on uploads. The file extension must be checked by type, as defined in the configuration file. The default configurations must mach those in the PHP configuration file.
     99
     100
     101
     102== Other ==
     103
     104||              ||AFP   ||ASP   ||ASP.Net||!ColdFusion||Java  ||Lasso ||Perl  ||PHP   ||Python||!JavaScript||
     105||Samples       ||  X   ||  X   ||       ||           ||      ||  X   ||      ||  X   ||      ||  X        ||
     106||Documentation ||  X   ||  X   ||  X    ||           ||      ||      ||      ||  X   ||      ||  X        ||
     107
     108
     109==== Samples ====
     110
     111All implementation should provide samples from 01 to 04, compatible with the "html" samples.
     112
     113==== Documentation ====
     114
     115At our Wiki (http://wiki.fckeditor.net), there is a dedicated section in the TOC for the server side integration with very basic documentation. Every integration should have its page there. The ASP.Net and PHP pages can be used as a base for the structure.
     116
     117There is very restricted access to the TOC page, so if your page is missing there, just ask FredCK to add it there once you have completed it.
© 2003 – 2019 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy