javascript - Ckeditor upload image return 403 forbidden error on codeigniter -


i'm using ckeditor codeigniter;

ckeditor.editorconfig = function( config ) {     config.width = '68%';    config.toolbargroups= [  {name:"styles","groups":["styles"]}, {name: 'basicstyles', groups: [ 'basicstyles', 'cleanup' ] }, {name: "links"}, {name: "paragraph", groups: [ 'list', 'indent', 'blocks', 'align'] }, '/', {name: 'colors' }, {name: 'clipboard', groups: [ 'clipboard', 'undo' ] }, {name:"insert","groups":["insert"]},   ];    config.extraplugins = 'mathjax,codesnippet,autogrow,colordialog,tableresize';    config.codesnippet_theme = 'zenburn';    config.autogrow_maxheight = 600;    config.filebrowseruploadurl = '../ckeditor/do_upload'; };

this config.js file of ckeditor

class ckeditor extends ci_controller{    public function __construct(){  parent::__construct(); $this->load->helper('url'); $this->load->helper('form'); }    public function do_upload(){  $config['upload_path'] = './resources/uploads/';  $config['allowed_types'] = 'gif|jpg|jpeg|png';  $this->load->library('upload'); $this->upload->initialize($config);  $funcnum = $this->input->get('ckeditorfuncnum');  if ( ! $this->upload->do_upload('upload')){     $error = array('error' => $this->upload->display_errors());     $message = 'fail';     $url = ''; } else {    $data = array('upload_data' => $this->upload->data());    $message = 'success';    $url = base_url().'resources/uploads/'. $this->upload->data()['file_name']; }  echo "<script type='text/javascript'>window.parent.ckeditor.tools.callfunction($funcnum, '$url', '$message');</script>";  }    public function index(){  echo 'this page used file upload'; $this->load->view('form', array('error' => ''));    }  }

the do_upload works fine when i'm using ,but ckeditor each time i'm try upload image .i 403 post 

http://localhost/ci/index.php/admin/ckeditor/do_upload?ckeditor=editor1&ckeditorfuncnum=1&langcode=zh-cn 403 (forbidden)

how solve problem, it's annoy me day..is because of lack of hidden fields?

<input type="hidden" name="csrf_test_name" value="3be92cbaaba15d7d08dd7affad23abfd" style="display:none;" />

but how can make ckeditor work.cause apprently can't control form ckeditor generated upload image?

_____________________________update_____________________________________________

when set 

$config['csrf_protection'] = false;

in codeigniter's config.php. don't have problem upload image.but want set true.

/* |-------------------------------------------------------------------------- | cross site request forgery |-------------------------------------------------------------------------- | enables csrf cookie token set. when set true, token | checked on submitted form. if accepting user data, | recommended csrf protection enabled. | | 'csrf_token_name' = token name | 'csrf_cookie_name' = cookie name | 'csrf_expire' = number in seconds token should expire. | 'csrf_regenerate' = regenerate token on every submission | 'csrf_exclude_uris' = array of uris ignore csrf checks */ $config['csrf_protection'] = true; $config['csrf_token_name'] = 'csrf_test_name'; $config['csrf_cookie_name'] = 'csrf_cookie_name'; $config['csrf_expire'] = 7200; $config['csrf_regenerate'] = true; $config['csrf_exclude_uris'] = array();

so problem may temporary disable csrf_protection on codeigniter. why should temporary disable that? there other way solve problem instead of disable csrf_protection on single url below.

$config['csrf_exclude_uris'] = array(   'admin/ckeditor/do_upload',   '' );


Comments

Post a Comment

Popular posts from this blog

javascript - Google App Script ContentService downloadAsFile not working -

i have web app developed using google app script htmlservice , html form, populating excel sheet in google drive using spreadsheetapp . , 1 section calling contentservice download data excel file. function doget(e) { // read excel sheet //getappfile(); // render application html template return htmlservice.createtemplatefromfile('index').evaluate() .settitle('go smart') .setsandboxmode(htmlservice.sandboxmode.iframe); } function downloaddoublequatecsvfile() { var sheetid = propertiesservice.getscriptproperties().getproperty('sheetid'); var ss = spreadsheetapp.openbyid(sheetid).getactivesheet(); //var ss = spreadsheetapp.getactivespreadsheet().getactivesheet(); var maxcolumn = ss.getlastcolumn(); var maxrow = ss.getlastrow(); var data = ss.getrange(1, 1, maxrow, maxcolumn).getvalues(); if (data.length > 1) { var csv = ""; (var row = 0; row < data.length; row++) { (var c...
Read more

javascript - Function overwritting -

is there way overwrite function or event handling in function? using addeventlistener, can have many event handlers on element want var test=document.getelementbyid("div"); test.addeventlistener("click",function(){alert("im first");},false); test.addeventlistener("click",function(){alert("im second");},false); // alerts "im first" , after "im second" but if want overwrite function/event example based on client width example this function one() { alert("first"); } function two() { alert("second"); } window.onresize = function() { var test = document.getelementbyid("div"); if (window.innerwidth > 500) { test.onclick = 1 } else { test.onclick = two; } } is possible in javascript? in case use effective little known approach. addeventlistener can accept object property handleevent event handler. in case it's easy overwr...
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more