Deprecated return value in the imageeditor on PHP 5.3

☆ A M B ☆
211 Posts

redstormj Reply #11, 13 years, 11 months ago

I’m running evo 1.0.3, I am trying to work this out, but the tinymce version on my setup is 3.3.2 and it seems like the tinymce.functions.php is very different from the one referenced above. Any help in getting this to work for 3.3.2 would be appreciated.

Thanks.

Jose R. Lopez

☆ A M B ☆
211 Posts

redstormj Reply #12, 13 years, 11 months ago

Poking around a bit I was able to figure it out. Here is the info if anyone is interested:

File: in: assets/plugins/tinymce/js/mce_init.js.inc

Just bellow

<script language="javascript" type="text/javascript" src="[+mce_url+]jscripts/tiny_mce/tiny_mce.js"></script>

add this

<script language="javascript" type="text/javascript" src="[+mce_url+]jscripts/tiny_mce/plugins/tinybrowser/tb_tinymce.js.php"></script>

File: assets/plugins/tinymce/tinymce.functions.php

find line:

		$ph['file_browser_callback']   = 'modx_fb';

Replace with:

		$ph['file_browser_callback']   = 'tinyBrowser';

Last remaining steps are the configuration of tinyBrowser itself which is well explained in its readme file.

If you want to enable the session check for security then uncomment the apropriate lines in the tinybrowser config file and set this up as follows:

session_name('your session name is in your modx config file');
session_start();
$tinybrowser['sessioncheck'] = 'mgrValidated'; //name of session variable to check

Also, on further reading I found these vulnerabilities:

http://yehg.net/lab/pr0js/advisories/tinybrowser_1416_multiple_vulnerabilities

I am still verifying the rest of my setup, I will report back if I found any problems.

Hope it helps.

Jose R. Lopez

98 Posts

puffin2 Reply #13, 13 years, 11 months ago

Thanks for posting this solution redstormj.

I read the vulnerabilities link but it mostly seems to just point out the security issues rather than offer solutions.

What are you doing to render tinybrowser more secure?

☆ A M B ☆
211 Posts

redstormj Reply #14, 13 years, 11 months ago

Quote from: puffin at May 22, 2010, 12:42 PM

Thanks for posting this solution redstormj.

I read the vulnerabilities link but it mostly seems to just point out the security issues rather than offer solutions.

What are you doing to render tinybrowser more secure?

As far as my testings have gone they are all simply solved by enabling the session check. I’ve tried to trick the scripts in many ways and I’ve poked it quite a bit and it seems that the session check does the trick pretty well.

Basically by enabling the session check on the plugin you are telling it not to run anything unless you are logged as admin. Of course this can be extended to be more restrictive, it comes down to how paranoid you want to be or how secure you wish to make it.

For now, I feel confident just enabling the session does the trick for me.

Overall I am actually quite happy with the plugin, it does the job, it does it well, and the automated resize feature on upload is actually making my life a lot easier as all pictures I upload here I wanted to have exactly the same size, so that worked wonderfully.

Another great thing in comparison to the default file browser is the ability to upload multiple files at once.

Cheers,
Jose R. Lopez

98 Posts

puffin2 Reply #15, 13 years, 11 months ago

Thanks, Jose, for that great solution.

I had to use tinybrowser for one of my clients (mac, ff) whose images were suddenly and mysteriously disappearing from the server--strange problem that I can’t replicate, but seemed to be related to mcpuck.

After using it a little, I can’t see where Tinybrowser is any worse, and may be better, than mcpuck. I, too, like the multiple file upload.

152 Posts

Henrik Nielsen Reply #16, 13 years, 11 months ago

Great job!

I really hope that this will replace MCPuck in Evo 1.04, with its improved functionality and the appearance which are more similar to TinyMCE.

- A small step for mankind, so why not take two...

Working with web production, graphic design/workflow, photo and education - but are trying to get a life in between!

☆ A M B ☆
211 Posts

redstormj Reply #17, 13 years, 11 months ago

I’ve been playing around with this more. If you want to switch the image browser when using image template variables here are the changes needed:

File: /manager/includes/tmplvars.inc.php

Around line 117, find:

<script type=\"text/javascript\">
							var lastImageCtrl;
							var lastFileCtrl;
							function OpenServerBrowser(url, width, height ) {
								var iLeft = (screen.width  - width) / 2 ;
								var iTop  = (screen.height - height) / 2 ;

								var sOptions = 'toolbar=no,status=no,resizable=yes,dependent=yes' ;
								sOptions += ',width=' + width ;
								sOptions += ',height=' + height ;
								sOptions += ',left=' + iLeft ;
								sOptions += ',top=' + iTop ;

								var oWindow = window.open( url, 'FCKBrowseWindow', sOptions ) ;
							}			
							function BrowseServer(ctrl) {
								lastImageCtrl = ctrl;
								var w = screen.width * 0.7;
								var h = screen.height * 0.7;
								OpenServerBrowser('".$base_url."manager/media/browser/mcpuk/browser.html?Type=images&Connector=".$base_url."manager/media/browser/mcpuk/connectors/php/connector.php&ServerPath=".$base_url."', w, h);
							}
							
							function BrowseFileServer(ctrl) {
								lastFileCtrl = ctrl;
								var w = screen.width * 0.7;
								var h = screen.height * 0.7;
								OpenServerBrowser('".$base_url."manager/media/browser/mcpuk/browser.html?Type=files&Connector=".$base_url."manager/media/browser/mcpuk/connectors/php/connector.php&ServerPath=".$base_url."', w, h);
							}
							
							function SetUrl(url, width, height, alt){
								if(lastFileCtrl) {
									var c = document.mutate[lastFileCtrl];
									if(c) c.value = url;
									lastFileCtrl = '';
								} else if(lastImageCtrl) {
									var c = document.mutate[lastImageCtrl];
									if(c) c.value = url;
									lastImageCtrl = '';
								} else {
									return;
								}
							}
					</script>

I’m sure the above script can be modified or removed but I left it intact for the time being. Just next to it, or bellow add this script call:

<script language=\"javascript\" type=\"text/javascript\" src=\"/assets/plugins/tinymce/jscripts/tiny_mce/plugins/tinybrowser/tb_standalone.js.php\"></script>

Just bellow this line, find:

				$field_html .='<input type="text" id="tv'.$field_id.'" name="tv'.$field_id.'"  value="'.$field_value .'" '.$field_style.' onchange="documentDirty=true;" /> <input type="button" value="'.$_lang['insert'].'" onclick="BrowseServer(\'tv'.$field_id.'\')" />';

Comment or delete this line and instead use:

				$field_html .='<input type="text" id="tv'.$field_id.'" name="tv'.$field_id.'"  value="'.$field_value .'" '.$field_style.' onchange="documentDirty=true;" /> <input type="button" value="'.$_lang['insert'].'" onclick="tinyBrowserPopUp(\'image\',\'tv'.$field_id.'\');" />';

Note: only the onclick portion of the form changes.

I’ve only gone as far as the image template variable which is what I needed at this time, the same concept can be applied if you use files or any other type of template variable that calls up a file browser.

If I come around to modify the script above or remove it in anyway, I’ll update this post, but I am leaving it as it is for the time being.

Jose R. Lopez