- Posts: 18
COMMUNITY FORUM
submit article - security problem
- testa
-
Topic Author
- Offline
- New Member
Less
More
13 years 11 months ago #89935
by testa
submit article - security problem was created by testa
hello,I'd like my users to submit article. for me as a beginner this is very tricky, but I think I found how it works generally. but here I found a security problem:when they submit an article they can get to my server files by adding pictures and so on.I deactivated all the tabs next to the content (images, videos, attachements and so on) but at least the picture button under the content still appears. when they click at this they can see the files on my server - I think this is a security problem.is there a solution??
Please Log in or Create an account to join the conversation.
- william white
-
- Offline
- Platinum Member
Less
More
- Posts: 3722
13 years 11 months ago #89936
by william white
Replied by william white on topic submit article - security problem
Are you using JCE?
If you are you will find a setting that allows you to insert a picture into an article or item.
You can also choose an image from a pre-set directory and insert or upload an image and put the new image in the article/item.
If you have disabled the K2 image, and the K2 image gallery, video, and attachments and are concerned with the editor showing the images then jail it to a certian directory, or turn it off in the editor, or just set the permissions where the file wont upload.
The ability to insert rich content is central to the way K2 works and most use it. The "browze server" button shouldnt be an issue for you if you have already disabled the image tab.
In short its either locked down or its usable.
If you are you will find a setting that allows you to insert a picture into an article or item.
You can also choose an image from a pre-set directory and insert or upload an image and put the new image in the article/item.
If you have disabled the K2 image, and the K2 image gallery, video, and attachments and are concerned with the editor showing the images then jail it to a certian directory, or turn it off in the editor, or just set the permissions where the file wont upload.
The ability to insert rich content is central to the way K2 works and most use it. The "browze server" button shouldnt be an issue for you if you have already disabled the image tab.
In short its either locked down or its usable.
Please Log in or Create an account to join the conversation.
- testa
-
- Offline
- New Member
Less
More
- Posts: 18
13 years 11 months ago #89937
by testa
Replied by testa on topic submit article - security problem
hello william,
first of all my english isn't that good so I don't think that I understood everyting.
First of all, yes, I use jce. but I switched to "no editor" now and nothing changed.
I would love that my users can add pictures and so on but I don't want them see my server files...
So is there a possibility that they can't see these files and just link or upload their own files?
Or is there a addon/plugin or whatever like the joomla submit article one which already handles this - because I also don't need the k2 menus but only the possibility for my users to submit articles..
I just think about letting them submit with the joomla one, but then I have to manually copy or convert these articles to k2, am I right? Or is there an automatic way that new joomla articles are cloned as k2 articles?
first of all my english isn't that good so I don't think that I understood everyting.
First of all, yes, I use jce. but I switched to "no editor" now and nothing changed.
I would love that my users can add pictures and so on but I don't want them see my server files...
So is there a possibility that they can't see these files and just link or upload their own files?
Or is there a addon/plugin or whatever like the joomla submit article one which already handles this - because I also don't need the k2 menus but only the possibility for my users to submit articles..
I just think about letting them submit with the joomla one, but then I have to manually copy or convert these articles to k2, am I right? Or is there an automatic way that new joomla articles are cloned as k2 articles?
Please Log in or Create an account to join the conversation.