How to Get FckEditor to work

[Showjumper]

Has anyone been able to get FckEditor for dotnet to work successfully? I
consulted google groups for past post on the matter but found onlu a few
posts relating to it and still wasnt able to get it to work. Th documenation
for it is awful (read non existent). However FreeTextbox works like a charm
and was very easy to setup. I would like to try FckEditor and see how it
compares. Thanks for any help

Ashok

 

[TJS]

I tried it also, but found it did not work well with ASP.net

 

[Hans Kesting]

Has anyone been able to get FckEditor for dotnet to work
successfully? I consulted google groups for past post on the matter
but found onlu a few posts relating to it and still wasnt able to get
it to work. Th documenation for it is awful (read non existent).
However FreeTextbox works like a charm and was very easy to setup. I
would like to try FckEditor and see how it compares. Thanks for any
help
Ashok

We use it, and it works fine. Sorry, I didn't integrate it myself, so I can't
give helpful details.

Hans Kesting

 

[Mona via DotNetMonster.com]

Has anyone been able to get FckEditor for dotnet to work successfully?>Th
documenation for it is awful (read non existent).

However FreeTextbox works like a charm and was very easy to setup.
I would like to try FckEditor and see how it compares.

I did not have any problems using the FCKeditor .NET control. It is a great
control and I like it more than FreeTextbox, however it has a security hole
in the latest version (2.0 CF) and I do not recommend using it in the
production environment until it will be fixed or at least you should
implement your own file system connector and delete all existing ones.

The current implementation of the file system connectors allow unautorized
access to the file system. I checked PHP, ASP. ASP.NET, and ColdFusion
implementations and all of them can be easily used to list the files in any
directory on the Website, create new directories, and upload files
including scripts that can be run remotely to do even more harm. The
problem is that the connectors do not validate any parameters as well as
they use the ServerPath URL parameter, which can point to any directory.

 

[Mona via DotNetMonster.com]

In case you decide to implement your .NET based file system connector you
can use the standard one as the base. Perform at least the following steps:

1. Comment sUserFilesPath = Request.QueryString["ServerPath"];
There is no safe way to use this parameter as it can point to any
directory on your Website.

2. Add the following code to the OnLoad method:
if(-1 != sResourceType.IndexOf("..")
|| -1 != sCurrentFolder.IndexOf(".."))
{
return;
}

After these changes the connector must be safe, however you will not be
able to dynamically set the base user file folder. If you need this feature
you will probably have to replace browser.html with your own file, because
the current implementation of this file creates a new session when it
requests data from the connector and there is no way to pass data in a
session variable.