Yii 1.1: fileeditor

FileEditor is a powerfull multifile editor.

FileEditor is a powerful multifile editor. Usefull for CMS projects.

Supported languages: bg, cs, de, dk, en, eo, es, fi, fr, hr, it, ja, mk, nl, pl, pt, ro, ru, sk, zn

Supported programming syntaxes: basic, brainfuck, c, coldfusion, cpp, css, html, java, js, pas, perl, php, python, robotstxt, ruby, sql, tsql, vb, xml

FileEditor use EditArea plug-in developed by Christophe Dolivet ( http://www.cdolivet.com ).

Extension is XHTML valid.

Update: Version 1.0.1 corected the bug: Can't create new file.

In FileeditorController, line 83, changed;

echo file_put_contents($_POST['directory'].DIRECTORY_SEPARATOR.$_POST['filename'], ""); to

echo file_put_contents(self::safe($_POST['directory'].'/'.$_POST['filename']), "");

WARNING: All versions prior v.1.0 have a severe security hole. Please update it as soon as possible to latest version.


Tested with Yii 1.1.7.


  • Download latest release package from Yii extensions repository
  • Unpack it.
  • Copy fileeditor folder in /protected/extensions/
  • Copy FileeditorController.php file under protected/controllers/
  • Copy logFileEditor.txt in your root and make it writable. You can customize this filename and path, but you must change it name and path in FileeditorController. Here will be registered some informations about any ilegal attempt to access other files than files from your public folders.
  • For test, copy files folder in the root's site and make it writable. In production you can use any folders.
  • Important: In every writable folder add a .htaccess file, containing deny from all text.


  • In your editor page, insert next code and adjust it properly to your necessities.
  • Open FileeditorController and put same editableFolders as value for $editableFolders. If someone know how this parameter could be imported from extension in controller , please let me know.
$this->widget('application.extensions.fileeditor.fileeditor', array(
            array('path'=>"files/css", 'label'=>'CSS'),
            array('path'=>"files/codes/php", 'label'=>'PHP'),
        'editorwidth'=> '910',
        'syntax'=> 'php',
        'toolbar'=>'new, load, save, |, search, go_to_line, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, word_wrap, |, help',
        'load_callback'=> 'loadFileEditor',
        'save_callback'=> 'saveFileEditor',
        'is_multi_files'=> true

Usual parameters to be adjusted:

  • editableFolders: a multidimensional array, which keep path and label for every editable folder.


For folder's path use relative paths to site root. Example: 'protected/views/site/pages' or files.

Label of folder must be unique and without slash or backslash. For labels, use short and suggestive names.

Important: In every writable folder you must add a .htaccess file, containing deny from all text to avoid external access to files.

Don't expose your sensitive folders to public access. For public access you use custom folders in which everybody can change anything.

Don't forget to make folders writable.

Parameters to customize editor:

  • name: id and name for textarea editor(change it only if there is another #editor element)
  • class: class for textarea editor(change it only if there is another .editor element)
  • editorwidth: width for editor (integer value without px)
  • min_width: minim width for editor (integer value without px)
  • min_height: minim height for editor (integer value without px)
  • cols: number of columns for textarea editor (integer value)
  • rows: number of rows for textarea editor (integer value)
  • language: language for editor. Available languages: bg, cs, de, dk, en, eo, es, fi, fr, hr, it, ja, mk, nl, pl, pt, ro, ru, sk, zn
  • syntax: default syntax for editor. Available syntaxes: basic, brainfuck, c, coldfusion, cpp, css, html, java, js, pas, perl, php, python, robotstxt, ruby, sql, tsql, vb, xml
  • allow_resize: permit editor to be resized. Available options: both, x, y
  • is_editable: set if editor is editabe or not(read-only)(boolean: true/false without quotes)
  • word_wrap: set if editor will use word wrap facility (boolean: true/false without quotes)
  • allow_toggle: add a checkbox to permit switch between editor and textarea (boolean: true/false without quotes)
  • start_highlight: set if editor use highlight as default (boolean: true/false without quotes)
  • toolbar: set toolbar elements
  • plugins: used to extend EditArea functionalities

Internally used parameters. Don't change:

  • load_callback: the callback used to load files
  • save_callback: the callback used to save files
  • EA_load_callback: the callback used when editor is loaded
  • EA_file_close_callback: the callback used when a file is closed
  • is_multi_files: set editor to accept more files to be opened at one time(boolean: true/false without quotes)

Change users permissions

To change users permissions, adjust settings in protected/controllers/FileeditorController.php, using Yii mode.



Any suggestion is very appreciate.

If somebody can help me to improve this extension (to automate import $editableFolders value from extension to FileeditorController, to avoid double declaration), please contact me.

Please before comment here asking help, contact me using Contact form from project page. Thank you.

Total 8 comments

#9749 report it
David Dreggors at 2012/09/08 02:12am
By design

Yes, I keep notices and warnings (E_ALL) turned on in php.ini on my development boxes. This way I know about unset variables and things of this nature before I move my code into production. I can then avoid odd issues that are hard to track down.

My thought is that it is cleaner to make sure that all variables are initialized as blank ($var = "") when there is a possible scenario where they may get called and might be null later.

Example 1:

        echo CHtml::textArea(
                'id'=> $this->feId,
                'encode'=> $this->encode,
                'rows'=> $this->pars['rows'],
                'cols'=> $this->pars['cols']

Example 2 (line 66 in protected/extensions/fileeditor/fileeditor.php):

(isset($this->value))?$this->pars['value'] = $this->value:$this->pars['value'] = "";

I would personally use example 2, this way it is handled in the class and not a single included file. Later usages are then already covered.

Just my 2 cents ;-)

#9717 report it
matricks at 2012/09/05 03:20pm
PHP notice!

@David Dreggors, your error is actually a PHP notice! Set in your php.ini to not display notices.

#9596 report it
David Dreggors at 2012/08/27 05:11pm
More detailed usage instructions

I have all files copied as instructed but cannot make this work.

I created a view under "protected/views/site/editor.php" In my SiteController.php I added an actionEditor that renders editor.

Now when I browse to "/index.php?r=site/editor" I get the following error:

PHP notice

Undefined index: value


03     <?php
04         echo CHtml::textArea(
05             $this->pars['name'].$this->feId, 
06             $this->pars['value'],
07             array(
08                 'id'=> $this->feId,
09                 'class'=>$this->pars['class'],
10                 'encode'=> $this->encode,
11                 'rows'=> $this->pars['rows'],
12                 'cols'=> $this->pars['cols']
13             )
14         );
15     ?>

The error is referring to line 06 above. The editor.php has the code you mentioned above for usage. The only change is the editableFolders array points to a relative path that actually exists on my webapp (protected/views/site) as does the Fileeditor controller.

#5225 report it
sensorario at 2011/09/23 11:55am

This extension is fantastic!!! Absolutely!!!

#5183 report it
matricks at 2011/09/21 11:56am

As I said, it is working in IE 9. I will not work to support expired browsers from M$. I prefer to educate users to use better browsers, than to work to support the worst browser. I will work to support IE, when it's code will be Open Source :), will not use proprietary code and will obey W3C standards. For me is more important to write valid code. If work perfect in Firefox, Chrome, Safari is enough. Nobody constrain somebody to use IE. And if a developer need to use my work and consider is necessary to be usable in oldest IE, he can adjust it, because have the code.

#5180 report it
pappleton at 2011/09/21 10:47am
OK I have tried in Firefox and it works

OK I have tried in Firefox and it works. A shame you wont get it working for IE7+ its a good piece of work. I develop in Firefox but always try to make things cross browser - its normally only a little tweak that is required. If I get time I may have a try but its unlikely for a long time. Good work though.

#5176 report it
matricks at 2011/09/21 09:34am
IE and Windows

I am sorry to hear this, but I don't use Windows and I am not really concerned about IE users. I have some reports that extension is working with IE 9.

#5175 report it
pappleton at 2011/09/21 07:19am
Demo page not working

Hi it looks a great extension but I could not see the demo working at:


I am using IE7.

Leave a comment

Please to leave your comment.

Create extension