security problem

[shel3over]

the ckeditor used in the script can be used to upload php files and this can very dangerous for the website

you can check the web site of the demo & you can find lots of file uploaded there ( php shells )

[JLiscom]

Have you ever known about something and completely forgot it until something went terribly wrong?

Disabled in the demo. In future I wont allow direct access to files.

[shel3over]

@FoxUSA if you dont have time to work on it i'm happy to help :)

[JLiscom]

I wont stop you from taking a crack at it. I was thinking of creating a db table to track the original file name, and a random file name to be stored on the disk. A php script will then be used to retrieve the file from an id. I like this approach because it will also allow me to restrict downloading to the user that uploaded and at some point who the user shares it with.

Or, upload all the files into the database. I am on the fence with that approach.

[shel3over]

@FoxUSA a very nice idea :)

[JLiscom]

support in 13.11.6