FCKeditor. Net configuration, extension, and security experience

Preface

FCKeditor is a widely used HTML editor.ASP. NETFCKeditor and FCKeditor. Net configurations and function extensions (suchCustom File Upload subdirectory,Custom file name,Post-processing of uploaded images), AndSecurityIn this article.

I hope to help my colleagues who have the same requirements save some time, and I hope you can correct the shortcomings. Thank you.

 

1. Customize the basepath of FCKeditor

Basepath is the relative path of FCKeditor on the website. The default value is/FCKeditor/. It is best to configure it in Web. config etettings:

< Add Key = "FCKeditor: basepath" Value = "/Fckeditor_2.6.3 /" />

This method has many advantages:

1. The development environment is different from the production environment. The development environment is generally http: // localhost/hosts;
   In addition, because the physical directory structure is different from the logical directory structure, errors may also occur;
   If Web. config is used, different configurations can be used in the development environment. The physical path of FCKeditor is consistent with that of the production environment;
2. To upgrade FCKeditor, you only need to put the new version of FCKeditor in the directory of the corresponding version number and modify the configuration. In this way, different users may encounter different errors due to the client cache of static resources;
3. You can see the version number of your FCKeditor.

Ii. Configuration File Upload directory

You can configure the File Upload (multipart upload) Directory of FCKeditor through web. config appsettings, for example:

< Add Key = "FCKeditor: userfilespath" Value = "/Uploadfile/FCKeditor /" />

You can also go to/fckeditorbasepath/Editor/filemanager/connectors/aspx/config. configure in ascx, but I recommend that you do not change the content in the FCKeditor directory (fckconfig. except Js.

Iii. Format of subdirectories uploaded by custom files

We know that a folder cannot store too many files (it is said that 2000 of the Windows directory is the threshold), otherwise access to this directory will seriously affect I/O performance. FCKeditor files are stored in a single directory. I have extended FCKeditor to customize the format of the storage directory in Web. config appsettings, for example:

<AddKey= "FCKeditor: folderpattern"Value= "% Y/% m-% d /"/>

==========================================================
Take today's date as an example: the format of the generated file upload sub-directory is 2008/10-21 /.
Directories in the format of year, month, and day can be combined at will, for example:

<AddKey= "FCKeditor: folderpattern"Value= "% Y/% m/% d /"/>

This generated file upload subdirectory is changed to 2008/10/21/

==========================================================
You can also use different upload subdirectories for different login users.
Modify the configuration of the upload subdirectory in Web. config. Add % u to indicate that different users use different upload subdirectories based on their identity.

    <AddKey= "FCKeditor: folderpattern"Value= "% U/% Y/% m/% d /"/>
 

Added the logic for getting the current logon user ID in fckeditor_2.6.3 \ editor \ filemanager \ connectors \ aspx \ config. ascx.

  Public     Override    Void  Setconfig ()
{
  # Region  Bochuh's Modification  
  //  Identifier for logined user
  //  Leave blank for Default User upload folder  
  Logineduseridentifier  =     "  44 "  ;  //Replace itCode  
# Endregion

//...... The original code in this file
} 

In this way, different users can use different directories for storage based on their login identities (generally user IDs), such: 7394/2008/10/21/(7394 is the ID of the current Login User)

 

Refer:

• % UThe ID of the currently logged on user.
• % YIndicates the year of the current time.
• % MThe month of the current time.
• % DIndicates the day of the current time.

Iv. Custom File Upload File Name format

FCKeditor processes file names according to the following rules: If there are no duplicate files in the current directory, the uploaded file names are the same as those in the user's PC; if there are n duplicate files, the file name added to the user's PC is example. XXX, the uploaded file name becomes: Example (n ). xxx

My project requires that the file name uploaded by the user be changed to the guid format, so I have extended the FCKeditor, in the web. config ettings can customize the format of the uploaded file, for example:

 

< Add Key = "FCKeditor: filenamepattern" Value = "% Guid. % extl" />

Such a file name as a299e63a-7d2d-493d-bbb9-99162ef5b6b8.gif

Refer:

• % GuidRepresents a new guid string
• % FNLThe lower case of the source file name.
• % FNUIndicates the upper case of the source file name.
• % ExtlLowercase letter indicating the source file extension
• % ExtuIndicates the upper case of the source file extension.

5. Resize uploaded images

Most of the scenarios that use the FCKeditor image upload function are content publishing. Images of several thousands of pixels are usually not needed in the content, for example, in my project,ArticleThe region width is 560 pixels, so I made an extension to customize the maximum width of the image in Web. config etettings:

< Add Key = "FCKeditor: maxwidthofuploadedimg" Value = "560" />

With this configuration, the width of the uploaded image is limited to 560 pixels or less.

6. Customize the domain name in the uploaded image URL

To accelerate page rendering, we can place images and other static resources in an independent domain name. However, the default Image Upload URL of FCKeditor is a relative path,

I added this extension. In web. config appsettings, you can configure the Domain Name of the uploaded image URL, for example:

< Add Key = "FCKeditor: uploadedfilesdomain" Value = "Http://a.cvimg.cn /" />

 

 

VII. Solve the Problem of "invalid file type" prompt when uploading files with Chinese characters

To solve this problem, you only need to add a configuration in Web. config:

< Location Path = "Fckeditor_2.6.3/Editor/filemanager/connectors/aspx/upload. aspx" >
< System. Web >
< Globalization Requestencoding = "UTF-8" Responseencoding = "Gb2312" />
</ System. Web >
</ Location >

Note:

1. Responseencoding is the default website code.
2. Fckeditor_2.6.3 is the basepath of FCKeditor.

VIII. FCKeditor Security

In FCKeditor 2.3.2, a vulnerability exists. You can use/Editor/filemanager/Browser/default/connectors/aspx/connector ctor. when aspx uploads arbitrary files to the server, my website has been attacked.

2.6.3 although no similar problems have been found, it is better to delete files that are not commonly used:

1. In the root directory of FCKeditor basepath:
   1. /Editor
   2. /Fckconfig. js
   3. /Fckpackager. xml
   4. /Fckstyles. xml
   5. /Fcktemplates. xml
   6. /License.txt

   Delete all

2. In/Editor/filemanager/, except for retaining:
   1. /Connectors/aspx/config. ascx
   2. /Connectors/aspx/upload. aspx

   Delete all

3. Delete/Editor/_ source/
4. In the checkauthentication () method of/Editor/filemanager/connectors/aspx/config. ascx, the logic for user login verification is added.

Note: The above measures are only applicable to ASP. NET websites and are not considered for websites in other languages.

Appendix: source code modified based on FCKeditor. net_2.6.3

Source: http://files.cnblogs.com/zhubo/FCKeditor.Net_2.6.3_20090713.zip
Bin (. NET 2.0): http://files.cnblogs.com/zhubo/FredCK.FCKeditorV2_20090713.zip

1. The specified row of the following file has been modified,
   /Filebrowser/config. CS line 45,116,169
   /Filebrowser/fileworkerbase. CS line 68, 98,110,125,278
2. All modifications are included in the code block named "zhubo's modification". You can also search for "zhubo's modification" in the project to quickly see the changes, convenient expansion (for example, setting the maximum Image Height)

Update

Add an optional sub-directory for different users to upload images by themselves based on the user ID. For more information, see "3. Update the sub-directory format for custom file upload" in the preceding section.

The new source code and DLL file have also been updated.

Update

Thanks to the help of new users, we have fixed the following BUG: If FCKeditor: folderpattern is not configured, or if FCKeditor: folderpattern is null, one more "/" is added to the path after the image is uploaded successfully "/"

Update

Images suffixed with. gif are not compressed to prevent the loss of animation effects.

Update

Many of my friends encountered problems during configuration. I integrated FCKeditor 2.6.6 and fckeditor.net 2.6.3 into a demo project. I can download the demo directly, open it in Vs, and find the default in the fckeditordemo project. aspx: Right-click View in browser to preview the configuration.
Fckeditordemo.zip