By eawhite09 on

I am having an issue with images using FCKeditor. After I locate my images, I am able to use the FCKeditor to enter the URL of the file. After I hit OK, my image shows up perfectly in my FCKeditor and also in the source. However, once I save/publish and actually look at my site, the image is nowhere to be found and if you look at the source of the final page, it's as if the FCKeditor never adds the final code. Please help, this is driving me insane and I'm worried it's one little setting I may have missed. Thank you!

Categories: Drupal 6.x

Comments

bsenftner’s picture

bsenftner commented

check the "input format" on the node you're editing and verify that it is set to "Full HTML". It sounds to me like they may be getting stripped out because the input format is set to "Filtered HTML" - which does not allow the img tag.

-Blake
www.BlakeSenftner.com www.3D-Avatar-Store.com

eawhite09’s picture

eawhite09 commented

that was the answer i needed!

FanisTsiros’s picture

FanisTsiros commented

This is a filter problem...

From the FCKEditor readme file:

For the Rich Text Editing to work you also need to configure your filters 
      for the users that may access Rich Text Editing. 
      Either grant those users Full HTML access or use the following:
      <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> 
      <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> 
      <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> 
      <cite> <embed> <object> <param> <strike> <caption>.

All you have to do is to add the <img> tag to your filters

go to admin/settings/filters

and add the tag to Filtered Html Filter.

ReliabilityConsistencyFeedback

solimeno’s picture

solimeno commented

I have a similar problem on my drupal site, and after adding the Only local images are allowed. tag to the Filtered Html Filter, images are still not visible to anonymous users. Authenticated users can view images since I have allowed access to full HTML, but for blog entries we would like anonymous users to view images and currently, even with the Only local images are allowed. tag added they cannot.

Any other ideas?

Does the addition of the Only local images are allowed. tag to the Filtered Html Filter pose any serious security risk?

FanisTsiros’s picture

FanisTsiros commented

Let me first clarify something:
Adding <img> tag in input filter does not give the permission to VIEW an image. This just gives the ability to ADD an image with your WYSIWYG editor.

What image browser are you using with FCKeditor ? (built-in, IMCE, ImageBrowser .... ???)

What image module are you using ? (Image module or ImageCache ?)

Does the addition of the tag to the Filtered Html Filter pose any serious security risk?

Absolutely !!!

See also: http://drupal.org/node/347924

This is why (so far for drupal 6) that there is not an "easy" image manipulation system for end-users. There are a lot of solutions for site administators though...

You also write:

I have allowed access to full HTML

You sould never give full HTML access to your users, even authenticated. Rather use drupal's filtered HTML format

If you are using imagebrowser, try to use imagebrowser ver 2 as this version solves the security problem, and there is no need to touch your filtered HTML filter adding the Only local images are allowed. tag. (although ib is still in alpha version - i think)

ReliabilityConsistencyFeedback

solimeno’s picture

solimeno commented

Thanks for your reply FanisTsiros. I am using the Image module, and the built-in image browser. Also, after I attempted adding the Only local images are allowed. tag to the Filtered HTML filter and saw no change, I subsequently removed it.

So that I understand correctly, your recommendation is that I never give full HTML access to authenticated users (there are only 12 of us in my company - all trusted users), just filtered HTML ... but in order for an authenticated user to have the ability to ADD an image with the FCKeditor WYSIWYG editor they still need to have the ability to use the Only local images are allowed. tag, no?

I will look at imagebrowser ver 2 that you infer solves the security issue with the Only local images are allowed. tag for filtered HTML.

Thank You!

FanisTsiros’s picture

FanisTsiros commented

Well if you are really sure that your authenticated users are trusted there is no problem. Give them full HTML, but make sure none from the outside world (internet) can register and become an authenticated user without approval. In this case (full HTML) there is no need to add any tag.

img tag is only required in case you use Filterd HTML filter (obviously this filter removes this tag when encountered and is not in the exceptions list).

Now for the images to be visible i think this is a permission issue. See permisions for image module ("view original images") and ImageBrowser's permissions also. If the problem persists (anonymous can't view images) maybe there is an ISP problem. Check your "files' directory permissions also.

Hope this helps !

ReliabilityConsistencyFeedback

solimeno’s picture

solimeno commented

Yes - I found that because we are using the Web File Manager module and link to images stored in that fashion, either anonymous users need to have permission to use Web FM (a really bad idea) or I have to copy them to another pub directory. I've opted for the latter and used chmod to set the pub directory to 755 and all seems to be working now.

Thank you for the help today and the education about security risks!