This patch modifies the ckeditor xss url to be passed through the url() function. This is so that sites that want to control access to php files (such as index.php) can do so without having to hack this module.

CommentFileSizeAuthor
ckedtior-xss-path.patch1.77 KBacbramley
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

mkesicki’s picture

mkesicki CreditAttribution: mkesicki commented
Status: Active » Needs review

@acbramley,
thank you for patch.

Josh Waihi’s picture

Josh Waihi CreditAttribution: Josh Waihi commented
Status: Needs review » Reviewed & tested by the community

This is good, and makes ckeditor follow the convention set by Drupal. +1

jtwalters’s picture

jtwalters CreditAttribution: jtwalters commented

I used the patch as well, and it resolved an edge-case issue I was having. +1

dczepierga’s picture

dczepierga CreditAttribution: dczepierga commented
Title: Change ckeditor xss url to be passed through url() » [D7] Change ckeditor xss url to be passed through url()
Status: Reviewed & tested by the community » Fixed

Changes commited to GIT (diff).

Really thx for patch and help.

Greetings

halcyonCorsair’s picture

halcyonCorsair CreditAttribution: halcyonCorsair commented

@dczepierga:

It seems you forgot to attribute correct authorship to @acbramley, you can see how to do so here:
http://drupal.org/node/1146430

mkesicki’s picture

mkesicki CreditAttribution: mkesicki commented
Status: Fixed » Closed (fixed)