Integrating NicEdit image upload script with CI
#1

[eluser]gh0st[/eluser]
I'm using the NicEdit WYSIWYG editor. I've got it working fine, and saving stuff to DB fine, etc and now I'm on the tricky part of getting image uploads to work.

NicEdit requires the path to the `nicUpload.php` file, which does all the work.

The `nicUpload.php` isn't coded in CI, and seems to cause XSS issues. Is anything that sits outside of CI inside the CI framework? (IE: is all the POST stuff etc still cleaned up?)

I have Mozilla's NoScript which "reduces" the threat of XSS attacks on clickthroughs and whenever I do an image upload NoScript complains of an unsafe reload -- which means that nicUpload.php has issues relating to XSS.

What I'm trying to figure out is how to get `nicUpload.php` into CI and secondly, stop all these XSS issues relating to this file.

I've attached the code, with the hope that someone can either recode it, or point me in the right direction of how to integrate the upload script into CI.

[edit]

I can't seem to upload the nicUpload.php file either as a PHP file, or text -- so here is a link to the SVN trunk where you can download nicUpload.php

URL:
http://nicedit.com/svn/nicedit/trunk/nicUpload/php/
#2

[eluser]pistolPete[/eluser]
Quote: Is anything that sits outside of CI inside the CI framework? (IE: is all the POST stuff etc still cleaned up?)
No, since you call the external script aside from CI, CI is not invoked and therefore there is no cleaning.

I just had a quick look at this script, it's pretty simple to write a CI controller using the File Uploading Class which does the same job (and is secure).
All you have to do is figure out what the php script responds to the .js script and imitate that.
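
A sketch of the controller suggested in the post above, as an added example that is not part of the original thread and is not NicEdit's or CodeIgniter's own code. It assumes CodeIgniter 2/3 (`CI_Controller`), a form field named `nicImage`, an upload directory `./uploads/nicedit/`, and a JSON reply whose shape is a placeholder to be matched to whatever the NicEdit JavaScript actually expects.

```php
<?php
// Added example: application/controllers/Nicupload.php (hypothetical name).
// Field name, upload path and reply shape are assumptions, not from the thread.
defined('BASEPATH') OR exit('No direct script access allowed');

class Nicupload extends CI_Controller
{
    public function index()
    {
        $this->load->helper('url');
        $this->load->library('upload', array(
            'upload_path'   => './uploads/nicedit/',
            'allowed_types' => 'gif|jpg|png',  // whitelist of accepted types
            'max_size'      => 1024,           // kilobytes
            'max_width'     => 2048,
            'max_height'    => 2048,
            'encrypt_name'  => TRUE,           // discard the client-supplied file name
        ));

        if ( ! $this->upload->do_upload('nicImage')) {
            // Empty delimiters: return the error text without the default <p> tags.
            $this->reply(array('error' => $this->upload->display_errors('', '')), 400);
            return;
        }

        $data = $this->upload->data();
        if ( ! $data['is_image']) {
            // Passed the type whitelist but is not a real image: remove it.
            unlink($data['full_path']);
            $this->reply(array('error' => 'Not an image'), 400);
            return;
        }

        $this->reply(array(
            'url'    => base_url('uploads/nicedit/' . $data['file_name']),
            'width'  => (int) $data['image_width'],
            'height' => (int) $data['image_height'],
        ), 200);
    }

    // Private, so it cannot be reached through the URL router.
    private function reply(array $payload, $status)
    {
        // JSON_HEX_* escapes <, >, &, ' and " so no value can break out into markup.
        $this->output
            ->set_status_header($status)
            ->set_content_type('application/json')
            ->set_output(json_encode($payload,
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT));
    }
}
```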
#3

[eluser]TheFuzzy0ne[/eluser]
[quote author="gh0st" date="1234920017"]
I've attached the code, with the hope...[/quote]

I am a psychic. I see the past, I see the future, but I see no code.
#4

[eluser]pistolPete[/eluser]
[quote author="TheFuzzy0ne" date="1234921307"]
I am a psychic. I see the past, I see the future, but I see no code.[/quote]

Well that's why he added the [edit]...
#5

[eluser]TheFuzzy0ne[/eluser]
[quote author="pistolPete" date="1234921493"]Well that's why he added the [edit]...[/quote]

D'oh! I also didn't see that one coming... Must be time for more coffee.
#6

[eluser]gh0st[/eluser]
[quote author="TheFuzzy0ne" date="1234921307"][quote author="gh0st" date="1234920017"]
I've attached the code, with the hope...[/quote]

I am a psychic. I see the past, I see the future, but I see no code.[/quote]


The code can be found at:
http://nicedit.com/svn/nicedit/trunk/nicUpload/php/


Thanks



