It's a CKEditor with KCFinder,the free alternative to commercial CKFinder,a nice File Manager.
So ,KCFinder reads configuration from session,for security reasons,so that guest users cannot upload files.
Eveything worked fine,until I decided to use CDbHttpSession for my sessions instead of default CHttpSession.
Well,that broke KCFinder,for reasons that would bore you to death if explained.I have 3 questions:
- Has anybody got this to work?(KCFinder with CDbHttpSession)
- I can make this work If I sacrifice security,just change a disabled property to false in config.
Doing so,it would be possible for a guest user ,IF he knew the request URL for KC Finder,to use KCFinder,
I don't see how a non registered user could use KC Finder since I use this only on admin pages where only admin members have access.So is this really a security issue at all??
- An alternative solution?? (editor/FileManager bundle )
Thanks in advance.