FCKeditor. Net configuration, extension, and security experience (reprinted 〕

Reposted from: http://www.cnblogs.com/zhubo/archive/2008/10/21/using_fckeditor_net.html

FCKeditor is a widely used HTML editor.ASP. NETFCKeditor and FCKeditor. Net configurations and function extensions (suchCustom File Upload subdirectory,Custom file name,Post-processing of uploaded images), AndSecurityIn this article.

I hope to help my colleagues who have the same requirements save some time, and I hope you can correct the shortcomings. Thank you.

1. Customize the basepath of FCKeditor

Basepath is the relative path of FCKeditor on the website. The default value is/FCKeditor/. It is best to configure it in Web. config etettings:

<Add key = "FCKeditor: basepath" value = "/fckeditor_2.6.3/"/>

This method has many advantages:

1. The development environment is different from the production environment. The development environment is generally http: // localhost/hosts;
   In addition, because the physical directory structure is different from the logical directory structure, errors may also occur;
   If Web. config is used, different configurations can be used in the development environment. The physical path of FCKeditor is consistent with that of the production environment;
2. To upgrade FCKeditor, you only need to put the new version of FCKeditor in the directory of the corresponding version number and modify the configuration. In this way, different users may encounter different errors due to the client cache of static resources;
3. You can see the version number of your FCKeditor.

Ii. Configuration File Upload directory

You can configure the File Upload (multipart upload) Directory of FCKeditor through web. config appsettings, for example:

<Add key = "FCKeditor: userfilespath" value = "/uploadfile/FCKeditor/"/>

You can also go to/fckeditorbasepath/Editor/filemanager/connectors/aspx/config. configure in ascx, but I recommend that you do not change the content in the FCKeditor directory (fckconfig. except Js.
Iii. Format of subdirectories uploaded by custom files

We know that a folder cannot store too many files (it is said that 2000 of the Windows directory is the threshold), otherwise access to this directory will seriously affect I/O performance. FCKeditor files are stored in a single directory. I have extended FCKeditor to customize the format of the storage directory in Web. config appsettings, for example:

<Add key = "FCKeditor: folderpattern" value = "% Y/% m-% d/"/>

Take today's date as an example: the format of the generated file upload sub-directory is 2008/10-21 /.
Directories in the format of year, month, and day can be combined at will, for example:

<Add key = "FCKeditor: folderpattern" value = "% Y/% m/% d/"/>

This generated file upload subdirectory is changed to 2008/10/21/

Refer:

• % YIndicates the year of the current time.
• % MThe month of the current time.
• % DIndicates the day of the current time.

Iv. Custom File Upload File Name format

FCKeditor processes file names according to the following rules: If there are no duplicate files in the current directory, the uploaded file names are the same as those in the user's PC; if there are n duplicate files, the file name added to the user's PC is example. XXX, the uploaded file name becomes: Example (n ). xxx

My project requires that the file name uploaded by the user be changed to the guid format, so I have extended the FCKeditor, in the web. config ettings can customize the format of the uploaded file, for example:

<Add key = "FCKeditor: filenamepattern" value = "% guid. % extl"/>

Such a file name as a299e63a-7d2d-493d-bbb9-99162ef5b6b8.gif

Refer:

• % GuidRepresents a new guid string
• % FNLThe lower case of the source file name.
• % FNUIndicates the upper case of the source file name.
• % ExtlLowercase letter indicating the source file extension
• % ExtuIndicates the upper case of the source file extension.

5. Resize uploaded images

Most of the scenarios that use the FCKeditor image upload function are content publishing. The content usually does not require images of several thousands of pixels. For example, in my project, the article area is 560 pixels at the widest, so I made an extension on the web. you can customize the maximum image width in config ettings:

<Add key = "FCKeditor: maxwidthofuploadedimg" value = "560" type = "regxph" text = "yourobjectname"/>

With this configuration, the width of the uploaded image is limited to 560 pixels or less.
6. Customize the domain name in the uploaded image URL

To accelerate page rendering, we can place images and other static resources in an independent domain name. However, the default Image Upload URL of FCKeditor is a relative path,

I added this extension. In web. config appsettings, you can configure the Domain Name of the uploaded image URL, for example:

<Add key = "FCKeditor: uploadedfilesdomain" value = "http://a.cvimg.cn/"/>

 

VII. Solve the Problem of "invalid file type" prompt when uploading files with Chinese characters

To solve this problem, you only need to add a configuration in Web. config:

<Location Path = "fckeditor_2.6.3/Editor/filemanager/connectors/aspx/upload. aspx">
<System. Web>
<Globalization requestencoding = "UTF-8" responseencoding = "gb2312"/>
</System. Web>
</Location>

Note:

1. Responseencoding is the default website code.
2. Fckeditor_2.6.3 is the basepath of FCKeditor.

VIII. FCKeditor Security

In FCKeditor 2.3.2, a vulnerability exists. You can use/Editor/filemanager/Browser/default/connectors/aspx/connector ctor. when aspx uploads arbitrary files to the server, my website has been attacked.

2.6.3 although no similar problems have been found, it is better to delete files that are not commonly used:

1. In the root directory of FCKeditor basepath:
   1. /Editor
   2. /Fckconfig. js
   3. /Fckpackager. xml
   4. /Fckstyles. xml
   5. /Fcktemplates. xml
   6. /License.txt

   Delete all

2. In/Editor/filemanager/, except for retaining:
   1. /Connectors/aspx/config. ascx
   2. /Connectors/aspx/upload. aspx

   Delete all

3. Delete/Editor/_ source/
4. In the checkauthentication () method of/Editor/filemanager/connectors/aspx/config. ascx, the logic for user login verification is added.

Note: The above measures are only applicable to ASP. NET websites and are not considered for websites in other languages.

Appendix: source code modified based on FCKeditor. net_2.6.3

Source: http://files.cnblogs.com/zhubo/FCKeditor.Net_2.6.3.rar
Bin (. NET 2.0): http://files.cnblogs.com/zhubo/FredCK.FCKeditorV2.rar

1. The specified row of the following file has been modified,
   /Filebrowser/config. CS line 45,109,161
   /Filebrowser/fileworkerbase. CS line 68, 98,110,125,277
2. All modifications are included in the code block named "zhubo's modification". You can also search for "zhubo's modification" in the project to quickly see the changes, convenient expansion (for example, setting the maximum Image Height)