Ewebeditor usage Summary

How to Use ewebeditor

Download the package, decompress it to the project directory, and modify the name of the extracted directoryNewseditorAnd then directlyProgramAdd 2 rowsCodeYou can:

<Textarea name ="Content"Style =" display: none; "rows =" 1 "Cols =" 20 "> </textarea>
<IFRAME id = "Editor" src = "../Newseditor/Ewebeditor. asp? Id =Content& Style = standard "frameborder =" 0 "scrolling =" no "width =" 100% "Height =" 389 "> </iframe>-

Note: The name value of textarea must be consistent with that of ewebeditor. asp? Id = content has the same ID value.

 

Style parameters

There are several optional parameters: Standard, s_popup, s_newssystem,

 

 

IE8 ewebeditor button click invalid Solution 

Find the editor. js file in the ewebeditor directory,

The path is webedit \ include \ editor. js. Open it in notepad and find the following code (line 1 ):
If (element. yuseronclick ){
Eval (element. yuseronclick + "anonymous ()");
}
Or
If (element. yuseronclick) eval (element. yuseronclick + "anonymous ()");

Different versions may be written differently.

Replace the above Code

If (element. yuseronclick ){
Try {
Eval (element. yuseronclick + "anonymous ()");
}
Catch (ERR ){
Eval (element. yuseronclick + "onclick (event )");
}
} Or (however, the above Code can better solve the problem)
If (navigator. appversion. Match ( /8./I) = '8 .')
{
If (element. yuseronclick) eval (element. yuseronclick + "onclick (event )");
}
Else

{
If (element. yuseronclick) eval (element. yuseronclick + "anonymous ()");
}

 

 

Instructions for using ewebeditor [reprint]

Settings:

The ewebeditor provides the background management function, allowing you to easily manage styles and upload files. Note:

Admin Logon address: http://www.yoursite.com/ewebeditor/admin_login.asp
For the first installation, use the default user admin and password admin to log on to the background and go to the Management page to change the management user and password.
We recommend that you change the database name after installation to prevent malicious downloads. The default data name is dB/ewebeditor. MDB. Modify the connection in the include/startup. asp file after the name is changed.
The system has several standard styles that cannot be modified. When you add a style, you 'd better preview it first, and then use the "Copy standard style" method to quickly add a style, not prone to errors
Call:

The call of ewebeditor is very simple, basically just adding a line of code in the original use.

Standard call:

<IFRAME id = "ewebeditor1" src = "/ewebeditor. asp? Id = content1 & Style = standard "frameborder =" 0 "scrolling =" no "width =" 500 "Height =" 350 "> </iframe>
Parameter description:

/Ewebeditor. asp should be changed to the actual installation path
Parameter ID: the name of the associated form item, that is, the name of the form item to be referenced on the submit and save page. Make sure that the ID is different for multiple calls. See the following example.
Style: The style name used. It can be a standard style name or a custom style name. If the standard style is used, leave it blank.
Width, height: according to actual needs, ewebeditor will automatically adjust and adapt
In the background management, you can get the best call code for each style
All entry parameters: (that is, ewebeditor. asp? Parameters)

ID: the name of the associated form item for saving and editing content, that is, the name of the form item to be referenced on the submit and save page.
Style: the name of the style to use. It can be a standard style name or a custom style name. If you use the standard style, leave it blank.
Originalfilename: name of the form item associated with the list of stored and uploaded original file names. It must be of the input type and can contain the onchange event []

<HTML>
<Body>
<Script language = JavaScript>
Function ewebeditorpopup (style, form, field ){
VaR opopup = Window. Open ("Popup. asp? Style = "+ style +" & form = "+ form +" & field = "+ field," popup "+ form + field," toolbar = No, location = No, directories = No, status = Yes, menubar = No, scrollbars = Yes, resizable = yes ");
}
</SCRIPT>
<Form action = "" method = "" name = "myform">
<Textarea name = "myfield" Cols = "50" rows = "5"> </textarea>
<Input type = "button" value = "HTML edit" onclick = "ewebeditorpopup (''s _ popup'', ''myform '', ''myfield'') ">
</Form>
</Body>
</Html>
Interface: foreground explanation (Restriction) Extended Function Description:

This function disables some tags, such as SCRIPT tags for security reasons. Different versions may vary. See the description in the actual file:

Function ewebeditor_decode (s_content, sfilters)
S_content: The data string to be converted.
S_filters: format set to be filtered out. Multiple Format sets are separated by commas (,).
Example:

The extension file is included first, and the following path is changed accordingly.
<! -- # Include file = "include/decode. asp" -->

<%
''In this example, only the script tag is filtered, which means that the client script in the content does not take effect. You can add other tags as needed.
Scontent = ewebeditor_decode (scontent, "script ")
%>

ArticleSource: DIY tribe (http://www.diybl.com/course/1_web/webjs/2008324/106687.html)

 

 

Solution for using ewebeditor: ADODB. recordset error 800a0e7d Error

Error: ADODB. recordset error '800a0e7d 'connection cannot be used to perform this operation. In this context, it may have been disabled or invalid. /Web/admin/ewebeditor. asp, line XXX causes

Solution
I
1: Right-click the C drive (system installation partition) and select Properties.
2: Select the "Security" page.
3: click "add", enter Power Users, and click OK.
4: click the "advanced" button and select "Use the project that can be applied to the sub-object to replace all sub-object permission projects displayed here". Just click OK.

II
If it still doesn't help, I searched on the Internet to find a solution that can solve all kinds of strange methods. You may try again, which may make you suddenly enlightened. In C: /Windows/has a temp folder. Give it more permissions, which may solve your problem !!

 

 

Pay attention to the following aspects to fix the ewebeditor vulnerability:
Step 1: Download The ewebeditor2.8 revised version

Http://ewebeditor.webasp.net/download.asp
Decompress the package to the project file directory. For ease of use, I changed the file to ewebeditor.

Step 2: Modify the ASP file called to the editor

<***** Id = "Editor" src = "ewebeditor/ewebeditor. asp? Id = newscontent & Style = s_newssystem "frameborder =" 0 "scrolling =" no "width =" 100% "Height =" 100% "> </*****>

Step 3: Modify the ewebeditor

1. Enable pagination characters to be inserted.
Open ewebeditor/DB/ewebeditor. MDB =>
Open the ewebeditor_button table =>
In the last 21 rows
The value of the B _title field is "show or hide Guidelines" and changed to "insert system pagination"
Change the B _event field value to "showborders ()" to "insert ('splitpage ')"
Open webeditor/include/editor. js
Insert before row 777
Case "splitpage": // insert a paging character
Inserthtml ("<HR syspagesplitflag> ");
Break;
2. Modify the Save path of the uploaded files in the editor.
Open the ewebeditor_style table
Find the row where your style is located. I used s_newssystem to modify the value of the s_uploaddir field.
I changed it to/uploadfiles/
In this way, all the images uploaded using the editor will be under the uploadfiles folder in the root directory.

Step 4: security of the Editor

 

1. Modify the default database path (db) and database name (ewebeditor) of the editor in time. MDB), and in include/startup. ASP changes the connection statement to prevent unauthorized database downloads. It is hard to guess how to change the ewebeditor folder name!

2. Delete all. asp files starting with admin in the directory to prevent hackers from entering the background management interface.

3. Modify the File Upload path in the style sheet to prevent direct display of the editor path, or open the table ewebeditor_style in the database to modify s_uploaddir. for example, "/uploadfile/" indicates that all files are uploaded to the uploadfile directory under the root directory of the website, so that some people cannot directly view the editor address by viewing the image address!

4. Modify the upload. asp statement to prevent hackers from using it to upload an ASP Trojan to gain web permissions.

In the upload. asp file, find sallowext = Replace (ucase (sallowext), "asp ","")

Replace this sentence
Do While instr (sallowext, "asp") or instr (sallowext, "CER") or instr (sallowext, "asa") or instr (sallowext, "CDX ") or instr (sallowext, "HTR ")
Sallowext = Replace (sallowext, "asp ","")
Sallowext = Replace (sallowext, "CER ","")
Sallowext = Replace (sallowext, "asa ","")
Sallowext = Replace (sallowext, "CDX ","")
Sallowext = Replace (sallowext, "HTR ","")
Sallowext = Replace (sallowext, "cgi ","")
Sallowext = Replace (sallowext, "aspx ","")'
Sallowext = Replace (sallowext, "ASP. jpg ","")
Sallowext = Replace (sallowext, "Cer. jpg ","")
Sallowext = Replace (sallowext, "ASA. jpg ","")
Sallowext = Replace (sallowext, "CDX. jpg ","")
Sallowext = Replace (sallowext, "HTR. jpg ","")
Sallowext = Replace (sallowext, "CGI. jpg ","")
Sallowext = Replace (sallowext, "Aspx. jpg ","")
Loop

5. Sort out the application extension ing in the IIS configuration on the website server in time to ensure that other types of files cannot run on the server website.

How to Improve the ewebeditor vulnerability:

1. Add IP Control to ewebeditor
<%
''Establish a connection
Dim Conn, connstr
Connstr = "driver = {SQL Server}; server =.; uid = yst06; Pwd = yst06; database = yst06"
Set conn = server. Createobject ("ADODB. Connection ")
Conn. Open connstr
''************************************** *************
''Function: controls the length of characters.
''Parameter: cutstr
''************************************** *************
Function cutstr (tempstr, tempwid)
If Len (tempstr)> tempwid then
Cutstr = left (tempstr, tempwid )&"..."
Else
Cutstr = tempstr
End if
End Function
Userip = request. servervariables ("http_x_forwarded_for ")
If userip = "" then
Userip = request. servervariables ("remote_addr ")
End if
Userip = CSTR (userip)
''Response. Write userip & "<br>"
''Response. Write instr (userip, "*")-2
''Response. End ()
''Ip = "210.29.168.123"
''Response. Write instr (IP ,"*")
''Response. End ()
Set rs = server. Createobject ("ADODB. recordset ")
SQL = "select * from IP where State = 1"
Rs. Open SQL, Conn, 1, 1
Do while not Rs. EOF
Trustip = trim (RS ("ip "))
If instr (trustip, "*") = 0 then
If trustip = userip then
Useriptrusted = true
Exit do
Else
Rs. movenext
End if
Else
Position = instr (trustip, "*")-2
If left (trustip, position) = left (userip, position) then
Useriptrusted = true
Exit do
Else
Rs. movenext
End if
End if
Loop
If useriptrusted = false then
Response. Write "<script language = ''javascript''> alert (''illegal IP login, please contact the administrator! ''); Location. href ='' ../index. asp ''; </SCRIPT>"
End if
%>
2. Change the ewebeditor folder name
3. Modify the ewebeditor management background (User Name/password/File Upload type allowed)
4. Modify the file filtering types ASP, CER, CDX, HTR, STM, and ASA (upload. asp) in ewebeditor)
''ASP, CER, ASA, CDX, HTR, and STM script files are not allowed to be uploaded under any circumstances.
Sallowext = Replace (replace (ucase (sallowext), "asp", "**"), "CER ","**"), "asa", "**"), "CDX", "**"), "HTR", "**"), "stm ","**") (This is not recommended. Use the filter code written by others above)
5. Modify the database path of the ewebeditor and change the connection statement in include/startup. asp.