Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This patch modifies the ckeditor xss url to be passed through the url() function. This is so that sites that want to control access to php files (such as index.php) can do so without having to hack this module.
Comment | File | Size | Author |
---|---|---|---|
ckedtior-xss-path.patch | 1.77 KB | acbramley | |
Comments
Comment #1
mkesicki CreditAttribution: mkesicki commented@acbramley,
thank you for patch.
Comment #2
Josh Waihi CreditAttribution: Josh Waihi commentedThis is good, and makes ckeditor follow the convention set by Drupal. +1
Comment #3
jtwalters CreditAttribution: jtwalters commentedI used the patch as well, and it resolved an edge-case issue I was having. +1
Comment #4
dczepierga CreditAttribution: dczepierga commentedChanges commited to GIT (diff).
Really thx for patch and help.
Greetings
Comment #5
halcyonCorsair CreditAttribution: halcyonCorsair commented@dczepierga:
It seems you forgot to attribute correct authorship to @acbramley, you can see how to do so here:
http://drupal.org/node/1146430
Comment #6
mkesicki CreditAttribution: mkesicki commented