I got an information from "http://elrte.org/redmine/boards/2/topics/717" telling about "Destroyed global GET array". That reminded me that I was using Yii with urlmanager and rules in lighttpd server.
adding csrf cookie into javascript generate form in \extensions\tinymce_elfinder\tinymce\assets\elfinder\js\elfinder.full.js (also you need to change elfinder.min.js) and have the assets re-published
and save the two js in the zip file to \extensions\tinymce_elfinder\tinymce\assets\elfinder\js
and edit \extensions\tinymce_elfinder\tinymce\ETinyMce.php
Ln896
$cs->registerScriptFile($assets.’/elfinder/js/jquery.json.js’); //add this
$cs->registerScriptFile($assets.’/elfinder/js/jquery.cookie.js’); //add this
$cs->registerScriptFile($assets.'/elfinder/js/elfinder.min.js');
if(Yii::app()->language != 'en') $cs->registerScriptFile($assets.'/elfinder/js/i18n/elfinder.'.Yii::app()->language.'.js'); // tweak, so that no uncessary is add, this is to check if required to add language
More problem with Csrf. Flfinder when editing the file in text, cannot complete action as it fails with csrf. Do anyone know where and how to insert the YII_CSRF_TOKEN??
For those that have problems with using this extension and validate the csrf token i modified the elfinder.full.js file so that the script can accept custom POST params when doing the upload.
Like uploadify does, this change allows you to use the scriptData option to pass your custom params:
As you see, in scriptData i am passing the token so that it will be appended to the upload form and Yii can check it successfully.
The changes i did:
//In the default options area, line 704
[...]
autoReload : 0,
/**
* Option added by Twisted1919
* The scriptData will accept an object (key:value pairs)
* It is used to pass post data to the upload method so that for example you can check
* a CSRF Token.
* Also, see line 1964
**/
scriptData : null
//In the upload method, line 1964
[...]
/**
* Change made by Twisted1919
* Because most of the time we need to send extra data with the uploaded file
* like a csrf token, i needed a way to do this, so that the scriptData option was born.
**/
if(typeof(self.fm.options.scriptData)==='object'){
for(key in self.fm.options.scriptData){
f+='<input type="hidden" name="'+key+'" id="'+key+'" value="'+self.fm.options.scriptData[key]+'" />';
}
}
// end change by Twisted1919
[...]
Attached is the archive containing just the elfinder.full.js file (you can compress it if you like).
I have the same problem than you ilyaplot, it appears it’s almost all the time, the file inputs can’t be clicked. Happens on FireFox, but not on Google Chrome…
Long time ago I have used this extension, but recently I have completely replaced it but my own extensions.
Reasons to do so was:
I think tinyMce and elFinder should be in separate extensions.
I did not like how compressor and spellchecker was made in tinyMce - i think they must be in separate actions and should be configurable.
I did not like this extension because elfinder backend is not configurable(except editing files inside extension), because there is no posibility to easily add few elfider backends, and also there is serious security issues - just see what is published to assets(there is connector.php without any access control).
Also I want to use latest tinyMce
In case of using my extensions, you will get: latest tinymce version, more configurable integration with elFinder, separate actions for tinyMce compressor and spellchecker.
I have different folders in elFinder: hr, accountant, admin, employee. I have Yii roles ( hr, accountant, admin, employee). Is there a way that specific Yii roles access to only that folder. Lets say a Yii roles accountant can only have access (read and upload , delete files ) to accountant folder but not other folders like hr, admin , employee. Thank you for your help.