Use method and security patch of Freetextbox in. Net

In. in the. Net project, the editor uses Freetextbox, which occupies a certain proportion. The Freetextbox is the first open-source free product to choose from the editor. net Editor, which is relatively simple to use and has comprehensive functions and multi-language support, is favored by developers.
It is a beginner. however, due to the disadvantages left by the editor for ASP project development in the past, I have to carefully select this time, on 51aspx, I asked everyone to learn that Freetextbox is a good choice. I tried it and wrote some precautions during use as a memo.
Freetextbox site: http://freetextbox.com/
The latest version is 4.0 Beta, but most domestic developers use Freetextbox 1.6.3 Chinese version.
Freetextbox 1.6.3 Chinese version: http://www.51aspx.com/CV/M67HNQANDQU37/ (with source code)
The 1.6.3 file is as follows:
　　
　　
Usage:
1. Copy FreeTextBox. dll in the bin folder to the project Bin folder;
2. Copy the ftb folder under the images folder to the project Images folder;
3. Copy the HelperScripts folder to the project root directory;
4. text. aspx can be used as a test, or copied to the project root directory together;
5. Create an Uploads directory under the project directory to store uploaded files.
The tree structure is roughly as follows, and the files in the original project remain unchanged:
Project directory (virtual directory)
Export bin (directory)
│ └ FreeTextBox. dll
Saved images (directory)
│ └ Ftb (the directory also contains 3 styles and 3 folder style icons)
├ HelperScripts (the directory contains three ASPX files)
├ Uploads (directory)
Upload test. aspx
Run the project and access Test. in the Aspx file, you can see the Freetextbox editor. If you cannot see it, you need to set the path. We will not set it on the test page. You can directly go to the project to use the editor page.
Add reference in the page header:
　　
Program code

Insert code in the appropriate position on the page:
　　
Program code

The red part shows the relative path, which needs to be modified according to the location of the current page. The green part shows that the control ID can be set freely. toolbarlayout is the tool setting for the toolbar. the commonly used tool is set here, you can search for all the button Information on the Internet if you need to modify it.
In addition, you must set the validateRequest value to false in "<% @ page". Otherwise, the system prompts "the request verification process detects potentially dangerous client input values, the request has been aborted. This value may indicate attempts to compromise application security, such as cross-site scripting attacks .".
　　
Security Settings:
Change the default upload path: Open the ftb. imagegallery. aspx file in the editor, and change the default start folder to Uploads in line 3;
Freetextbox1.6.3 Image Browsing file ftb is found. imagegallery. aspx does not set access permissions. It is best to set user login verification under Page_Load, and search Baidu for inurl: ftb. imagegallery. aspx, a dozen of bots appear in front of you, although ftb. imagegallery. aspx is used to verify the format of a file that is unique to the client and the server. Only images can be uploaded. However, if anyone accesses this address, they can upload, delete, and perform other operations. This is ridiculous, so login verification is required, the method is as follows:
Edit ftb. imagegallery. aspx in
　　
Program code
Private void Page_Load (object sender, System. EventArgs e ){
String isframe = "" + Request ["frame"];

Next we will add the verification code for your site. If verification fails, it will jump back to the home page or the login page. The verification code varies with the site and needs to be compiled by yourself. Generally, it is session verification or cookies verification.
You can upload and delete images in the image directory. When you change the path to another folder, click "http *****. cn/helps/ftb. imagegallery. aspx? Frame = 1 "is added after the address & rif = .. & cif = .. during access, the Directory of the entire website is displayed in front of you. The upload and delete buttons are shown below. Why is the background folder of the website deleted. The correction method is as follows:
Find
Program code
If (cif! = "" & Rif! = ""){

Replace RootImagesFolder. Value = rif;
　　
Program code
//*****************************
RootImagesFolder. Value = DefaultImageFolder;
Array srtArray = cif. Split (\);
String str = srtArray. GetValue (0). ToString ();
If (str! = DefaultImageFolder)
{
Cif = DefaultImageFolder;
}
Cif = cif. Replace (".. \", ""). Replace ("../","");
// Prevent unauthorized access to the file by Yation. Team-2009/07/17

The original file name is directly retained for Freetextbox to upload images. Modify the file to use a time string as the file name. The modification method is as follows:
Find
Program code
UploadFileName = UploadFileName. Substring (UploadFileName. LastIndexOf ("\") + 1 );

Add the following code below:
　　
Program code
//*********************
UploadFileName = DateTime. Now. ToString () + UploadFileName. Remove (0, UploadFileName. LastIndexOf ("."));
UploadFileName = UploadFileName. Replace (":", ""). Replace ("-", ""). Replace ("","");
// By Yation. Team 2009/7/17 rename the upload time