When using CKFinder with CKEditor in Drupal 7, CheckAuthentication() in includes/filemanager.config.php fails.

Or more precisely, it is the call to user_access() that constantly fails. Since there seems to be a problem with retrieving the $user object.

If i add the following to CheckAuthentication() (just for debugging purposes):

global $user;
return empty($user->uid);

CKFinder loads just fine, which indicates that $user->uid is empty...

I have analyzed exactly the same code in a Drupal 6 environment, in which the user object is available just fine and user_access() works as intended.

P.S. I have not set $cookie_domain in sites/default/settings.php, nor have i done that in the Drupal 6 environment, since that seems to break the login (among other things) when using different domain names.

Comments

rubakaa’s picture

Updated to 7.x-1.3 (latest as of writing) and the problem persists.

A quick and dirty "fix" could look like this:

In includes/filemanager.config.php change,

$authenticated = user_access('allow CKFinder file uploads');

to,

$account->uid = 1;
$authenticated = user_access('allow CKFinder file uploads', $account);

Bonus feature: broken security :)

Enjoy!

rubakaa’s picture

Version: 7.x-1.2 » 7.x-1.3
Priority: Major » Minor

Okay, problem solved if $cookie_domain is set, unfortunately this creates other problems, for which ckeditor shouldn't be blamed for...

Strangely enough this does not seem to be needed in Drupal 6...

dczepierga’s picture

Status: Active » Closed (works as designed)

Yes it's not needed in D6, but in D7 u must use it (everything is written in README file) - without this it's not working...
We will try in one of the future releases make CKFinder configuration easier, but for now u must wait an be patient.
For now i closed this issue.

Greetings