You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 420 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Hack: Selective WYSIWYG Editor Mode
Add OnsXyberian writes "Since WYSIWYG editors were introduced into phpnuke, there has been a long-lasting security issue while using WYSIWYG editor. Even though the wysiwyg editor has such security troubles, without doubt, WYSIWYG editors are preferrable to most administrators who are not familiar with html tags. To support the preference, NukeKorea Dev. Team tweaked wysiwyg editor mode for phpnuke. The present hack includes the following features:
  • Selectivity by administators - admin, users, etc.
  • Selective working on individual modules by administrators from admin CP
  • Mode selective
  • ON/ OFF switchable

    Security whole issues are all up to administrators who are responsible to manage their phpnuke based web-sites. For this issue and using the present hack, please check "read more ..."

  • Download (registration required)
  • Installation support and discussion
  • How to use

    Briefly speaking, the security and vulnerability could be minimized when the hack-wysiwyg editor modes are allowed to administrators."
  • Posted on Thursday, June 08 @ 01:55:17 CEST by VinDSL
     
    Related Links
    · More about Add Ons
    · News by VinDSL


    Most read story about Add Ons:
    Release Msn Block Checker 2.0

    Article Rating
    Average Score: 0
    Votes: 0

    Please take a second and vote for this article:

    Excellent
    Very Good
    Good
    Regular
    Bad


    Options

     Printer Friendly Page  Printer Friendly Page

     Send to a Friend  Send to a Friend

    Threshold
    The comments are owned by the poster. We aren't responsible for their content.

    No Comments Allowed for Anonymous, please register

    Re: Hack: Selective WYSIWYG Editor Mode (Score: 1)
    by kbgus on Thursday, June 08 @ 16:30:26 CEST
    (User Info | Send a Message) http://www.stoneridgehoa.net
    Unfortunately, the security issues in version 7.7 and higher exist whether or not a WYSIWYG editor is used. Of course, that could be addressed by modifying many scripts, and hopefully that's what the NukeKorea Dev. Team has done. I like the idea of an admin control panel to control which modules use the WYSIWYG editor.

    nukeWYSIWYG has provided these features (except the ability to control by module via a control panel, but that can be done by adding one line to the module index.php), along with improved security via the kses HTML filter, since it was released last year. It uses FCKeditor, which was selected after a careful evaluation of WYSIWYG editors, but could be modified to support most WYSIWYG editors, including TinyMCE, SPAW, and others. We are looking forward to the new release of FCKeditor, which offers great improvements over the current version.


    Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
    Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
    Page Generation: 0.183 Seconds - 186 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
    :: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::