public marks

PUBLIC MARKS from bacon with tags coral & grave

14 December 2006 09:00

Serious security flaw in FCKeditor

[url=http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=396]Original security alert on the peak portal[/url]

Poster: gijoe on 2006-12-14 12:49:55 (78 reads)

I've just tried a WYSIWYG editor, FCKeditor, for pico. http://fckeditor.net/

It looks the best HTML & JavaScript and not so good PHP. In 2.3.2, I can find a fatal vulnerability in the PHP uploader at a glance (.php files can be uploaded).

Thus I've remade the PHP uploader and connector almost from full scratch for XOOPS. You can try this. http://xoops.peak.ne.jp/md/mydownloads/singlefile.php?lid=93

pico 0.2 has a feature of editing contents via this FCKeditor on XOOPS.

P.S. I don't test xoops.org's FCKeditor under /class/xoopseditor/ because the class directory should be denied for httpd. And I guess the same vulnerability of the original exists in the xoops.org version.