In the fckeditor.config.js file, the PHP code protection has been incorrectly commented.

Actually, commenting that line will not prevent the user from typing PHP code in the editor. To do that, even without that line, just go to the source view and submit.

That line instead will instruct FCKeditor to not destroy the PHP code blocks when switching from source to WYSIWYG view. It has nothing to do with security checking.

Code injection controls must be done on the server side, and Drupal does it pretty well. Commenting that line will just bring you trouble when you really want PHP code to be included in the editor source (and this is controlled by the "Input format" box in Drupal pages).

The proposed patch uncomments that line and gives a little bit more info in the comments.

Best regards,
Frederico Caldeira Knabben
----
http://www.fckeditor.net
"Support Open Source Software"

Attachment: fckeditor.config.js.patch (1.04 KB), by FredCK
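Added illustration of the two mechanisms the post separates; this is not code from the FCKeditor module, from Drupal, or from the post's author. The regex is assumed to be the pattern behind the protected-source line in fckeditor.config.js, the "WYSIWYG round-trip" is emulated by doing what a browser's HTML tokenizer does to a `<?` sequence (it becomes a bogus comment, so the PHP block is destroyed), and `serverFilter` is a constructed stand-in for the input-format decision, not Drupal's API. The sample markup is constructed.

```javascript
// Added example, not FCKeditor or Drupal code. Shows why the ProtectedSource
// line only affects view switching and why the real control is server side.

// Assumed to match the pattern used by the protected-source line in
// fckeditor.config.js (PHP-style server code blocks).
const PHP_BLOCK = /<\?[\s\S]*?\?>/g;

// Emulates what loading source into the editor's document does to a PHP
// block: the HTML tokenizer treats "<?" as a bogus comment and keeps the text
// up to the first ">" as comment data, serialised as <!--?...-->.
// Note that a ">" inside the PHP (e.g. "$user->name") ends the comment early,
// which is exactly the "destroyed PHP" the post describes.
function emulateWysiwygRoundTrip(html) {
  return html.replace(/<\?([^>]*)>/g, (m, body) => `<!--?${body}-->`);
}

// Protected source: swap every matching block for a placeholder comment the
// tokenizer leaves alone, remember the originals, and restore them afterwards.
function protectSource(html, pattern) {
  const store = [];
  const protectedHtml = html.replace(pattern, (match) => {
    store.push(match);
    return `<!--{PS_${store.length - 1}}-->`;
  });
  return { html: protectedHtml, store };
}

function restoreSource(html, store) {
  return html.replace(/<!--\{PS_(\d+)\}-->/g, (m, i) => store[Number(i)]);
}

// Source view -> WYSIWYG -> source view, with or without the protection line.
function editorRoundTrip(html, protectPhp) {
  if (!protectPhp) return emulateWysiwygRoundTrip(html);
  const { html: placeholders, store } = protectSource(html, PHP_BLOCK);
  return restoreSource(emulateWysiwygRoundTrip(placeholders), store);
}

// Constructed stand-in for the server-side input-format check (not Drupal's
// API): whether PHP survives submission depends only on this, never on the
// editor configuration, since a user can always submit raw source directly.
function serverFilter(submitted, formatAllowsPhp) {
  if (formatAllowsPhp) return submitted;
  return submitted.replace(PHP_BLOCK, (block) =>
    block.replace(/</g, '&lt;').replace(/>/g, '&gt;'));
}

// Constructed sample input.
const sample = '<p>Hello <?php echo date("Y"); ?></p>';
console.log('protected round-trip  :', editorRoundTrip(sample, true));
console.log('unprotected round-trip:', editorRoundTrip(sample, false));
console.log('server, PHP denied    :', serverFilter(sample, false));
console.log('server, PHP allowed   :', serverFilter(sample, true));
```

Run with `node`; the protected round-trip returns the source unchanged, the unprotected one turns the PHP block into an HTML comment, and the server-side filter decides the outcome regardless of which of the two was used on the client.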

Comments

ontwerpwerk

Status: Reviewed & tested by the community » Fixed

Included in latest CVS.

Anonymous

Status: Fixed » Closed (fixed)