for something reason, my build of ckeditor's xss filter(index.php?q=ckeditor/xss) returns an empty string.

my request parameters are:

input_format:	2
text:	{html stuff}

to fix it, i changed line 151 of includes/ckeditor.page.inc to

if (!isset($_POST['text']) || !is_string($_POST['text']) || (!is_array($_POST['filters']) && (!isset($_POST['input_format']) || !is_string($_POST['input_format'])))) {

not sure if this is what should be done.

Comments

mkesicki’s picture

Thx, for notice this. We will check this ASAP. Please be patient.

dczepierga’s picture

Status: Active » Postponed (maintainer needs more info)

Do u have any filters selected in your CKEditor profile?

Greetings

rich.3po’s picture

I could be wrong, but i believe i'm having a similar issue whereby the latest release of ckeditor module (7.x-1.3) is conflicting with the Quote module

What appears to be happening is that the text format filter (filtered html in my case) is running for default values set in forms (comment form in my case), causing the value in the form field to be pre-filtered when it should not be. This obviously breaks the desired functionality of the injected content when submitting the form, since the input filter will effectively have run twice by the time you view the saved comment.

Rolling back to 7.x-1.2 fixes the issue

mkesicki’s picture

@rich.3po I tested CKEditor module with Quote module and it looks ok.
Remember that Quote module for Drupal 7 is not stable (it is in DEV stage).
Please write steps to reproduce your issue.

jiong_ye’s picture

under Security settings in ckeditor profile config
Always run security filters for CKEditor is checked;

nothing is checked under Security filters.

haiiro.shimeji’s picture

Status: Postponed (maintainer needs more info) » Needs review
StatusFileSize
new1.26 KB

i have the same problem in my environment.

drupal 7.8
ckeditor module 7.x-1.3
ckeditor 3.6.2
jquery 1.6.4

there is no problem in using jquery ver1.5.2 or 1.4.4.

in jquery 1.6.4, $_POST['filters'] is not set when filters is an empty array.
(changed the function of $.ajax() ??)

dczepierga’s picture

@haiiro.shimeji, really thx for patch. We will check this and commit asap. So pls be patient.

Greetings

Anonymous’s picture

Issue tags: +ckeditor 7.13

Ckeditor 7.11 uploaded at 7.13 version : invisible, not displayed in "all" Edit content body !!!

The site in DRUPAL 7.8 (the ultimate version .. at today), if return in Ckeditor 7.11 = Ck editor is visible OK !

Why this Bad Story in the CK 7.13 ??

Notes:
I have tested all versions, old and news, for the Official Modules of CK : 3.4.. --> 3.6.0 and 3.6.2
( in directory : sites/all/modules/ckeditor/ckeditor/..)

But the Invisibility is caused from The Drupal Module 7.x-13

Tanks for your reply and solutions

Lorenzo

mkesicki’s picture

@ultrasuoni please check latest DEV version if your problem occurs there.
Please also check in Firebug console (Firefox add-on) if you have some errors . You can check in Firebug net tab if all request are correct. I think that you should move you issue to another/new topic. It looks like not problem with filter/xss.

dczepierga’s picture

Status: Needs review » Closed (fixed)

Security policy in Drupal 7 was changed, so i closed this issue.

Greetings

dczepierga’s picture

Issue summary: View changes

typo