FCKeditor. NET configuration, extension, and security experience

Preface
FCKeditor is a widely used HTML editor. NET application scenarios for FCKeditor and FCKeditor.. NET configuration, function extensions (such as user-defined file upload sub-directories, user-defined file names, post-processing of uploaded images, etc.), and security.

I hope to help my colleagues who have the same requirements save some time, and I hope you can correct the shortcomings. Thank you.

1. Customize the BasePath of FCKeditor
BasePath is the relative path of FCKeditor on the website. The default value is/fckeditor/. It is best to configure it in Web. config etettings:

<Add key = "FCKeditor: BasePath" value = "/FCKeditor_2.6.3/"/>

This method has many advantages:

The development environment is different from the production environment. The development environment is generally http: // localhost/hosts;
In addition, because the physical directory structure is different from the logical directory structure, errors may also occur;
If Web. config is used, different configurations can be used in the development environment. The physical path of FCKeditor is consistent with that of the production environment;
To upgrade FCKeditor, you only need to put the new version of FCKeditor in the directory of the corresponding version number and modify the configuration. In this way, different users may encounter different errors due to the client cache of static resources;
You can see the version number of your FCKeditor.

Ii. Configuration File Upload directory
You can configure the File Upload (multipart upload) Directory of FCKeditor through Web. config appSettings, for example:

<Add key = "FCKeditor: UserFilesPath" value = "/UploadFile/FCKeditor/"/>

You can also go to/FCKeditorBasePath/editor/filemanager/connectors/aspx/config. configure in ascx, but I recommend that you do not change the content in the FCKeditor directory (fckconfig. except js.

Iii. Format of subdirectories uploaded by custom files
We know that a folder cannot store too many files (it is said that 2000 of the Windows directory is the threshold), otherwise access to this directory will seriously affect I/O performance. FCKeditor files are stored in a single directory. I have extended FCKeditor to customize the format of the storage directory in Web. config appSettings, for example:

<Add key = "FCKeditor: FolderPattern" value = "% y/% m-% d/"/>
==========================================================
Take today's date as an example: the format of the generated file upload sub-directory is 2008/10-21 /.
Directories in the format of year, month, and day can be combined at will, for example:
<Add key = "FCKeditor: FolderPattern" value = "% y/% m/% d/"/>
This generated file upload subdirectory is changed to 2008/10/21/
==========================================================
You can also use different upload subdirectories for different login users.
Modify the configuration of the upload subdirectory in Web. config. Add % u to indicate that different users use different upload subdirectories based on their identity.

<Add key = "FCKeditor: FolderPattern" value = "% u/% y/% m/% d/"/>
Added the logic for getting the current logon user ID in FCKeditor_2.6.3 \ editor \ filemanager \ connectors \ aspx \ config. ascx.Copy codeThe Code is as follows: public override void SetConfig ()
{
# Region Bochuh's Modification
// Identifier for logined user
// Leave blank for default user upload folder
LoginedUserIdentifier = "44"; // replace it with the Code represented by the current logon user.
# Endregion

//...... The original code in this file
}

In this way, different users can use different directories for storage based on their login identities (generally user IDs), such: 7394/2008/10/21/(7394 is the ID of the current Login User)
Refer:
% U indicates the identity of the current Login User
% Y indicates the year of the current time
% M indicates the month of the current time
% D indicates the day of the current time
Iv. Custom File Upload File Name format
FCKeditor processes file names according to the following rules: If there are no duplicate files in the current directory, the uploaded file names are the same as those in the user's PC; if there are n duplicate files, the file name added to the user's PC is Example. xxx, the uploaded file name becomes: Example (n ). xxx
My project requires that the file name uploaded by the user be changed to the Guid format, so I have extended the FCKeditor, in the Web. config ettings can customize the format of the uploaded file, for example:
<Add key = "FCKeditor: FilenamePattern" value = "% guid. % extl"/>
Such a file name as a299e63a-7d2d-493d-bbb9-99162ef5b6b8.gif
Refer:
% Guid indicates a new guid string
% Fnl indicates the lower case of the source file name
% Fnu indicates the capital of the source file name
% Extl indicates the lower case of the source file extension
% Extu indicates the upper case of the source file extension.
5. Resize uploaded images
Most of the scenarios that use the FCKeditor image upload function are content publishing. The content usually does not require images of several thousands of pixels. For example, in my project, the article area is 560 pixels at the widest, so I made an extension on the Web. you can customize the maximum image width in config ettings:
<Add key = "FCKeditor: MaxWidthOfUploadedImg" value = "560" type = "regxph" text = "yourobjectname"/>
With this configuration, the width of the uploaded image is limited to 560 pixels or less.

6. Customize the domain name in the uploaded image URL
To accelerate page rendering, we can place images and other static resources in an independent domain name. However, the default Image Upload URL of FCKeditor is a relative path,

I added this extension. In Web. config appSettings, you can configure the Domain Name of the uploaded image URL, for example:

<Add key = "FCKeditor: UploadedFilesDomain" value = "http://a.cvimg.cn/"/>

VII. Solve the Problem of "invalid file type" prompt when uploading files with Chinese characters
To solve this problem, you only need to add a configuration in Web. config:

Copy codeThe Code is as follows: <location path = "FCKeditor_2.6.3/editor/filemanager/connectors/aspx/upload. aspx">
<System. web>
<Globalization requestEncoding = "UTF-8" responseEncoding = "gb2312"/>
</System. web>
</Location>

Note:
ResponseEncoding is the default website code.
FCKeditor_2.6.3 is the BasePath of FCKeditor.

VIII. FCKeditor Security
In FCKeditor 2.3.2, a vulnerability exists. You can use/editor/filemanager/browser/default/connectors/aspx/connector ctor. when aspx uploads arbitrary files to the server, my website has been attacked.
2.6.3 although no similar problems have been found, it is better to delete files that are not commonly used:

In the root directory of FCKeditor BasePath:
/Editor
/Fckconfig. js
/Fckpackager. xml
/Fckstyles. xml
/Fcktemplates. xml
/License.txt
Delete all
In/editor/filemanager/, except for retaining:
/Connectors/aspx/config. ascx
/Connectors/aspx/upload. aspx
Delete all
Delete/editor/_ source/
In the CheckAuthentication () method of/editor/filemanager/connectors/aspx/config. ascx, the logic for user login verification is added.
Note: The above measures are only applicable to ASP. NET websites and are not considered for websites in other languages.

Appendix: source code modified based on FCKeditor. Net_2.6.3
SOURCE: http://xiazai.jb51.net/201108/yuanma/FCKeditor.Net_2.6.3_20090713.zip
BIN (. NET 2.0): http://xiazai.jb51.net/201108/yuanma/FredCK.FCKeditorV2_20090713.zip

The specified row of the following file has been modified,
/FileBrowser/Config. cs line 45,116,169
/FileBrowser/FileWorkerBase. cs line 68, 98,110,125,278
All modifications are included in the code block named "ZhuBo's Modification". You can also search for "ZhuBo's Modification" in the project to quickly see the changes, convenient expansion (for example, setting the maximum Image Height)
Update
Add an optional sub-directory for different users to upload images by themselves based on the user ID. For more information, see "3. Update the sub-directory format for custom file upload" in the preceding section.

The new source code and dll file have also been updated.

Update
Thanks to the help of new users, we have fixed the following Bug: If FCKeditor: FolderPattern is not configured, or if FCKeditor: FolderPattern is null, one more "/" is added to the path after the image is uploaded successfully "/"

Update
Images suffixed with. gif are not compressed to prevent the loss of animation effects.