On March 26, 2019 we launched new MODX Forums. Please join us at the new MODX Community Forums.
Subscribe: RSS
  • RE: Johnny1000 at first I tried my best not to understand you, then I realized that your feature was a fantastic one, one that I had considered a long time ago but something erased it from my medulla.

    First, do you ever use Rich Text in Introtext and Description?
    To check my understanding: you want an enable/disable checkbox visible always?
    And in your setup for example, the functional checkboxes for the above fields would be unchecked at page load? And checking them would voila the Editor?

    Yours and Dave Smith's feature will be implemented in next major/minor release.

    Dave's:
    uncheck checkbox and instead of plain textarea you see a beautiful Ace Editor.

    Thanks for using, and for awesome feedback. smiley
      TinymceWrapper: Complete back/frontend content solution.
      Harden your MODX site by passwording your three main folders: core, manager, connectors and renaming your assets (thank me later!)
      5 ways to sniff / hack your own sites; even with renamed/hidden folders, burst them all up, to see how secure you are not.
    • RE: elz064 Official TinyMCE has updated and beautifully outdone themselves in their new doc site.
      With TinymceWrapper, you can truly follow and implement whatever you see/read on https://www.tinymce.com/docs/
      You can also play on their grounds: http://fiddle.tinymce.com/
      Create awesome skins: http://skin.tinymce.com/

      I don't know how long they'd continue to support v3, but I suggest to completely embrace v4.
      Also, the benefits of using TinymceWrapper is that I create plugins for TinyMCE that you just won't see elsewhere. And I can customize existing plugins.
      And you have enigmatic_user guiding you wink - awesome as always!
        TinymceWrapper: Complete back/frontend content solution.
        Harden your MODX site by passwording your three main folders: core, manager, connectors and renaming your assets (thank me later!)
        5 ways to sniff / hack your own sites; even with renamed/hidden folders, burst them all up, to see how secure you are not.
      • Quote from: donshakespeare at Aug 01, 2016, 09:08 PM
        Thanks @enigmatic_user - quality step by step there.
        Thanks for linking to my little guide from the TinymceWrapper installation options! smiley

        One little thing: I just updated one installation to version 2.3.2-pl. After that, the property sets for the system events of the plugin were set back to "Default". Is there a way to let these settings alone if there's already a property set assigned to the event?

        Also, I had some difficulties installing TinymceWrapper 2.3.1-pl (the first version I installed) and updating to 2.3.2-pl on some of my local MODX development installations. While it worked without any problems for two or three of them, I had problems with a similar number of other installations. The attributes column of the transport_packages table remained empty, and so I just saw an empty grid row when the installation started. The "Close" and "Next" buttons were there, but that was all. When clicking on "Next", the installation failed.

        This time (when updating, not installing for the first time), when I tried to install the package and it failed, this seems to have "repaired" the table entry, and the next time I tried, it seemed to work (although there were still some error messages, which I unfortunately didn't note/copy). But on the next MODX installation the update failed completely.

        I have no idea why this behaves so differently in different MODX instances. Other Extras can be installed and updated without any issues, and it shouldn't be a problem with incompatible Extras, as the local MODX development installations are very similar to the productive ones on the server, which have no problem with TinymceWrapper at all. Really strange...

        I could install TinymceWrapper 2.3.1-pl everywhere by fiddling with the transport_packages table and the cache files (?), etc., but of course that's not the best option.

        I'm using XAMPP with PHP 5.6 as my development server; it runs on a Windows 7 x64 machine.

        If you have any idea what might happen there, please don't hold back... wink I'll try to capture some error messages for you, but I have some tough deadlines, so I don't have that much time to occupy myself with that just now.

        Cheers,
        Jan
          This message has been ROT-13 encrypted twice for higher security.
        • One little thing: I just updated one installation to version 2.3.2-pl. After that, the property sets for the system events of the plugin were set back to "Default". Is there a way to let these settings alone if there's already a property set assigned to the event?
          I am almost certain this would be a MODX-level feature request. I know, it is super annoying.
          Maybe when psets start becoming more used in the way TinymceWrapper uses them, they'll show this feature some love.

          I think, on upgrade, the plugin is completely overwritten - all its DB affairs - so that there is no way for MODX to remember anything about said plugin not even the psets attached to it.
          BUT, what I could do is allow the user to reattach existing pset as install option.

          As for the other issues, I can't respond properly without pertinent error reports to lead me.
            TinymceWrapper: Complete back/frontend content solution.
            Harden your MODX site by passwording your three main folders: core, manager, connectors and renaming your assets (thank me later!)
            5 ways to sniff / hack your own sites; even with renamed/hidden folders, burst them all up, to see how secure you are not.
          • Wooh that's an explanation.
            thanks a lot

            I'll Have a look in a ouple of week now.

            • Quote from: donshakespeare at Aug 09, 2016, 12:33 AM
              BUT, what I could do is allow the user to reattach existing pset as install option.
              That would be great!

              Quote from: donshakespeare at Aug 09, 2016, 12:33 AM
              As for the other issues, I can't respond properly without pertinent error reports to lead me.
              Yes, I expected this answer (and it's probably the one I would have given in such a case wink). I just hoped you might have an idea.

              It seems to be connected with the maximum path length on Windows. I tried another update on a local MODX instance where the initial installation of TinymceWrapper had failed before (which I had been able to "repair" manually). I got the following error message:

              Console running...
              Attempting to install package with signature: tinymcewrapper-2.3.2-pl
              Package found...now preparing to install.
              PHP warning: ZipArchive::extractTo() [ziparchive.extractto.html]: Full extraction path exceed MAXPATHLEN (260)
              Could not unpack package F:/xampp/htdocs/projekte/_kunden/headstarters/modx/core/packages/tinymcewrapper-2.3.2-pl.transport.zip to F:/xampp/htdocs/projekte/_kunden/headstarters/modx/core/packages/. SIG: tinymcewrapper-2.3.2-pl
              [Updater] packages have been changed, clearing updater cache.
              [Updater] Successfully cleared updater cache after package change.
              [Updater] There was an error clearing Updaters' internal caches.
              Could not install package with signature: tinymcewrapper-2.3.2-pl
              The Updater Extra is not the problem - the installation of TinymceWrapper failed on local sites where Updater wasn't installed.

              Indeed the installation paths of those local sites where the problem occurred are a few characters longer than the paths of the sites where the installation succeeded.

              So it's not a bug in TinymceWrapper, it just brings some long paths with it. I'll have to repair the TinymceWrapper installations manually or to move the MODX instances to a shorter base path.

              Cheers,
              Jan
                This message has been ROT-13 encrypted twice for higher security.
              • Thanks for reporting that. It will save someone.
                  TinymceWrapper: Complete back/frontend content solution.
                  Harden your MODX site by passwording your three main folders: core, manager, connectors and renaming your assets (thank me later!)
                  5 ways to sniff / hack your own sites; even with renamed/hidden folders, burst them all up, to see how secure you are not.
                • How To Transform MODX Messages to Rich Text

                  So, a while back you tasted the raw power of customJS and learned how to use TinymceWrapper's editor within ModMore's Content Blocks

                  Now let me show you how to do the same for Private Messages.

                  In TinymceWrapper's plugin properties(your pset), set:

                  customJS = yes
                  cutomJSchunks = Message

                  Create chunk, TinymceWrapperMessage(+chunkSuffix) with this content
                  function tinyMessageInit(id){
                    tinymce.init({
                      selector: "#"+id,
                      [[$TinymceWrapperCommonCode]]
                      statusbar: false,
                      plugins: "imagetools,,paste,contextmenu,image,code,link",
                      toolbar: "link image bold italic"
                    })
                  }
                  function tinyMessageButton(thisButton,id){
                    if($(thisButton).hasClass("m_active")){
                      if($("#"+id).is(':visible') ){
                        $(thisButton).find("button").text("Remove TinyMCE");
                        $(thisButton).removeClass("m_active");
                        tinyMessageInit(id)
                      }
                    }
                    else{
                      $(thisButton).addClass("m_active");
                      $(thisButton).find("button").text("Edit With TinyMCE");
                      tinymce.get(id).destroy();
                      $("#"+id).fadeIn();
                    }
                  }
                  Ext.onReady(function(){
                    $(document).on("mouseenter", ".modx-window", function () {
                      if ($(this).has("input[name=sendemail]").length && $(this).has("textarea[name=message]").length){
                        var tinyContent = $(this).find("textarea[name=message]");
                        tinyMessageId = tinyContent.attr("id");
                        if ($(this).has(".tinyMessageButton").length){}
                        else{
                          $(this).find(".x-toolbar-left-row").prepend("<p onclick=tinyMessageButton(this,tinyMessageId) class='tinyMessageButton m_active  x-btn x-btn-small x-btn-icon-small-left x-btn-noicon' unselectable='on'><em><button  class='x-btn-text'>Edit with TinyMCE</button></em></p>");
                        }
                      }
                    });
                  });

                  Done!!!!
                  Now you can manipulate the resulting HTML in the frontend like a boss
                    TinymceWrapper: Complete back/frontend content solution.
                    Harden your MODX site by passwording your three main folders: core, manager, connectors and renaming your assets (thank me later!)
                    5 ways to sniff / hack your own sites; even with renamed/hidden folders, burst them all up, to see how secure you are not.
                  • Does this imply we shouldnt be using the traditional TinyMCE? I read somewhere not sure of the link now that TinyMCE exposes MODx to some vulnerability. True?
                    • Hello ojchris,

                      What do you mean by traditional TinyMCE? And I am not sure what you mean by "does this imply".

                      Note:
                      Official TinyMCE is pure JS
                      MODX' server side is PHP

                      Any input issues cannot be blamed on the JS tool, but on the PHP filtering capacity of the backend.
                      But if older MODX TinyMCE Extras had issues in their PHP-based integration such as to expose MODX, that's a different question.

                      Does TinyMCE 4 do a wonderful job at assisting filtering junk, client-side? Absolutely!!!!

                      And if this answers your question: I would use only TinymceWrapper for MODX, and nothing else smiley

                      http://archive.tinymce.com/wiki.php/TinyMCE3x:Security
                      TinyMCE in itself can not be insecure, it would be completly impossible for any exploit to exist in TinyMCE that would allow anyone to hack your blog/cms or similar by injecting XSS contents since it by it self can't modify the contents of the site. The server side scripts like PHP/.NET etc is what's updating your site.

                      It is important to understand that TinyMCE is PURE Javascript, and is only run in the context of the browser of the user who is using the page. Any exploit in the regards of XSS has to be plugged in the server side logic since that exploit would still be there if you disable javascript.

                      This also means you should not assume that TinyMCE is secure, if you implement TinyMCE on a public page where anyone has access and can public the content, you are bound to run into security issues. Most systems have TinyMCE behind some form of login but people within that system might still for example paste in code that has securty issues.

                      We would recommend that you use server side filtering of some sort, here is a few examples.

                      htmLawed
                      HTMLPurifier
                      Zend_Filter_Input
                      Using filtering you can achieve good security even for public content, such as a forum or wiki.
                      [ed. note: donshakespeare last edited this post 3 years, 5 months ago.]
                        TinymceWrapper: Complete back/frontend content solution.
                        Harden your MODX site by passwording your three main folders: core, manager, connectors and renaming your assets (thank me later!)
                        5 ways to sniff / hack your own sites; even with renamed/hidden folders, burst them all up, to see how secure you are not.