+- Parsi Coders (http://parsicoders.com)
+-- انجمن: Web Development and Design (http://parsicoders.com/forumdisplay.php?fid=47)
+--- انجمن: ASP, ASP.NET (http://parsicoders.com/forumdisplay.php?fid=49)
+--- موضوع: چگونگی برطرف کردن باگfckeditorدر پروژه ها (/showthread.php?tid=935)
چگونگی برطرف کردن باگfckeditorدر پروژه ها - Ghoghnus - 09-28-2011
سلام دوستان
برای جلوگیری از اپلود فایل روی سرور از طریق fckeditorچه راهی پیشنهاد میکنید?؟
البته در پروژه هایی که خودمان طراحی میکنیم!asp.net?؟
RE: چگونگی برطرف کردن باگfckeditorدر پروژه ها - Amin_Mansouri - 09-28-2011
سطح دسترسی پوشه اپلود رو ببر بالا که حق اپلود نداشته باشه همین
RE: چگونگی برطرف کردن باگfckeditorدر پروژه ها - Ghoghnus - 09-29-2011
(09-28-2011، 04:27 PM)پارسا نوشته: سطح دسترسی پوشه اپلود رو ببر بالا که حق اپلود نداشته باشه همینکجا باید این کار را انجام بدم؟اصلا این فایل که برای آپلود هستش را میشه حذفش کرد یا باید حتما باشه؟
RE: چگونگی برطرف کردن باگfckeditorدر پروژه ها - Amin_Mansouri - 09-30-2011
Remove FCKeditor
If you're not using FCKeditor on your site, you can simply remove the entire fckeditor directory from your webspace. Please note that disabling the Advanced Editor option in the Configuration is not enough.
Disable uploads
If you want to continue using FCKeditor but don't need the ability to upload files through it, you can disable that option in FCKeditor. Please find the following file:
•for Geeklog 1.4.1 (FCKeditor 2.3.1): fckeditor/editor/filemanager/upload/php/config.php
•for Geeklog 1.5.0 (FCKeditor 2.6): fckeditor/editor/filemanager/connectors/php/config.php
In either file, find the line that reads
$Config['Enabled'] = true ;
and change it to = false;
You may want to check for both config files, in case you upgraded from an earlier Geeklog version by overwriting the files. Since the position of the file within FCKeditor changed, you may still have a copy of the old file on your site.
Prevent direct upload
If you need both FCKeditor and the ability to upload files through it, you can prevent direct execution of the upload script. The location of the upload script depends on the version of FCKeditor:
•for Geeklog 1.4.1 (FCKeditor 2.3.1): fckeditor/editor/filemanager/upload/php/upload.php
•for Geeklog 1.5.0 (FCKeditor 2.6): fckeditor/editor/filemanager/connectors/php/upload.php
At the beginning of the upload.php file, after the copyright notice but before the first require(...), add this piece of code:
if (strpos($_SERVER['PHP_SELF'], 'upload.php') !== false) {
die('This file can not be used on its own!');
}
Again, you may want to check both locations, in case you have an older copy of the upload script around.