Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Hi
I have a Drupal 5 installation with FCKEditor which is working really well in an IIS environment but when I move it to an Apache environment I get a 403 Forbidden message whenever I try to Browse the server for uploaded files.
The URL that it is passing is
http://www. ... .au/modules/fckeditor/fckeditor/editor/filemanager/browser/default/browser.html?type=Image&Connector=../../connectors/php/connector.php&ServerPath=/staging/ccs/files
If this is changed to
http://www. ... .au/modules/fckeditor/fckeditor/editor/filemanager/browser/default/browser.html?type=Image&Connector=/filemanager/browser/connectors/php/connector.php&ServerPath=/staging/ccs/files
it works.
Now I have run the code through a script debugger and cannot find where the "../../" is added or where to make teh appropriate changes to the code.
Can anyone help?
cheers
David
Comments
Comment #1
wwalc commentedSounds like a problem with mod_security module rejecting requests to urls containing "../../".
Comment #2
wwalc commentedComment #3
turcanuandrei commentedI have exactly the same error as described here (except that i didn't move from iis to apache and i'm using drupal 6.5) and problem is that i can't change the mod_security settings on the server.
I've alreay browsed the readme and google and it seems as if this has already been an issue before but it should be solved according to this: http://dev.fckeditor.net/ticket/1868
Also i did try changing the fckconfig.js in the fckeditor/fckeditor directory but it seems as if the changes being overriden somehow.
Comment #4
wwalc commentedFixed in CVS. Download the dev release from 2008-Oct-15 (should be available in an hour or after midnight) and let me know if that worked out for you.
I'm marking it as fixed, please reopen if you have any problems with it and also again please drop here a message that it started working for you.
Comment #5
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.