我正在 CodeIgniter 中使用 CKEditor:
/**
 * CKEditor global configuration hook (config.js).
 *
 * Sets the editor width, the toolbar layout, the extra plugins and the
 * file-browser upload endpoint on the `config` object passed in by CKEditor.
 */
CKEDITOR.editorConfig = function applyEditorConfig(config) {
    // Toolbar rows, in display order; the bare '/' entry starts a new row.
    var toolbarLayout = [
        { name: 'styles', groups: ['styles'] },
        { name: 'basicstyles', groups: ['basicstyles', 'cleanup'] },
        { name: 'links' },
        { name: 'paragraph', groups: ['list', 'indent', 'blocks', 'align'] },
        '/',
        { name: 'colors' },
        { name: 'clipboard', groups: ['clipboard', 'undo'] },
        { name: 'insert', groups: ['insert'] }
    ];

    config.width = '68%';
    config.toolbarGroups = toolbarLayout;

    config.extraPlugins = 'mathjax,codesnippet,autogrow,colordialog,tableresize';
    config.codeSnippet_theme = 'zenburn';
    config.autoGrow_maxHeight = 600;

    // Relative URL of the CodeIgniter upload action. The editor builds the
    // upload POST itself and appends CKEditor, CKEditorFuncNum and langCode
    // as query parameters, so the request does not carry the hidden CSRF
    // field that CodeIgniter's form helper would add to a server-rendered form.
    config.filebrowserUploadUrl = '../Ckeditor/do_upload';
};
这是 CKEditor 的 config.js 文件。
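/**
 * Upload endpoint used by CKEditor's file browser.
 *
 * Security notes for reviewers:
 *  - do_upload() changes server state (it writes a file), so it should stay
 *    behind CSRF verification; listing it in csrf_exclude_uris removes that check.
 *  - No authentication or authorisation check is visible in this class.
 *    NOTE(review): confirm one is enforced elsewhere before exposing this route.
 *  - Accepted files are written to ./resources/uploads/ and are then reachable
 *    through base_url(); that directory should be served as static content only.
 */
class Ckeditor extends CI_Controller{

    /**
     * Loads the URL helper (base_url) and the form helper.
     */
    public function __construct(){
        parent::__construct();
        $this->load->helper('url');
        $this->load->helper('form');
    }

    /**
     * Handles the file POSTed by CKEditor in the "upload" field and replies
     * with the script snippet that reports the result back to the editor.
     *
     * Every value written into the <script> element is encoded first:
     * CKEditorFuncNum comes from the query string and was previously echoed
     * verbatim, which let a crafted link inject script into the response.
     */
    public function do_upload(){
        $config['upload_path'] = './resources/uploads/';
        // Only image types are accepted by the upload library.
        $config['allowed_types'] = 'gif|jpg|jpeg|png';
        $this->load->library('upload');
        $this->upload->initialize($config);

        // CKEditor sends a numeric callback reference; forcing an integer means
        // nothing but digits can reach the generated JavaScript.
        $funcNum = (int) $this->input->get('CKEditorFuncNum');

        if ( ! $this->upload->do_upload('upload')){
            // Keep the reason server-side instead of discarding it; the editor
            // still receives the same generic 'fail' message as before.
            log_message('error', 'CKEditor upload rejected: '.$this->upload->display_errors('', ''));
            $message = 'fail';
            $url = '';
        }
        else
        {
            $uploaded = $this->upload->data();
            $message = 'success';
            $url = base_url().'resources/uploads/'.$uploaded['file_name'];
        }

        echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction("
            .$funcNum.', '.$this->js_string($url).', '.$this->js_string($message)
            .');</script>';
    }

    /**
     * Landing page: prints a notice and renders the manual upload form view.
     */
    public function index(){
        echo 'this page is used for file upload';
        $this->load->view('form', array('error' => ''));
    }

    /**
     * Encodes a value as a JavaScript string literal that is safe inside an
     * inline <script> element (quotes, <, > and & become \uXXXX escapes).
     *
     * @param mixed $value Value to embed; it is cast to string first.
     * @return string Quoted literal, or an empty literal if encoding fails.
     */
    private function js_string($value){
        $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        // json_encode() returns FALSE on invalid UTF-8; never emit a bare token.
        return $encoded === FALSE ? '""' : $encoded;
    }
}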
我自己直接使用 do_upload 时工作正常,但每次通过 CKEditor 上传图片时,POST 请求都会返回 403:
http://localhost/ci/index.php/admin/Ckeditor/do_upload?CKEditor=editor1&CKEditorFuncNum=1&langCode=zh-cn 403 (Forbidden)
如何解决这个问题?它已经困扰我一整天了……是不是因为缺少这个隐藏字段?
<input type="hidden" name="csrf_test_name" value="3be92cbaaba15d7d08dd7affad23abfd" style="display:none;" />
但我该如何让 CKEditor 正常工作?因为 CKEditor 上传图片时生成的表单不受我控制。
_____________________________更新_____________________________________________
当我在 CodeIgniter 的 config.php 中设置
$config['csrf_protection'] = FALSE;
时,上传图片没有问题。但我希望将其设置为 TRUE。
/*
|--------------------------------------------------------------------------
| Cross Site Request Forgery
|--------------------------------------------------------------------------
| Enables a CSRF cookie token to be set. When set to TRUE, token will be
| checked on a submitted form. If you are accepting user data, it is strongly
| recommended CSRF protection be enabled.
|
| 'csrf_token_name' = The token name
| 'csrf_cookie_name' = The cookie name
| 'csrf_expire' = The number in seconds the token should expire.
| 'csrf_regenerate' = Regenerate token on every submission
| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
*/
// CSRF verification is switched on for submitted forms.
$config['csrf_protection']   = true;

// Field name of the token and name of the cookie that carries it.
$config['csrf_token_name']   = 'csrf_test_name';
$config['csrf_cookie_name']  = 'csrf_cookie_name';

// Token lifetime in seconds (7200 s = 2 hours).
$config['csrf_expire']       = 7200;

// A new token is issued on every submission.
// NOTE(review): a page that stays open across another submission presumably
// ends up holding a stale token - confirm against the editor workflow.
$config['csrf_regenerate']   = true;

// No URI is exempt from the CSRF check.
$config['csrf_exclude_uris'] = [];
所以我的问题或许要靠暂时禁用 CodeIgniter 的 csrf_protection 来解决。
但为什么我要临时禁用呢?
除了像下面这样对单个 URL 禁用 csrf_protection 之外,是否还有其他方法可以解决这个问题?
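// URIs that skip CSRF verification. Every entry removes the check for that
// route, so the upload action listed here then depends entirely on whatever
// authentication and authorisation guard it; sending the token with the
// upload request is the safer option where the editor integration allows it.
//
// The empty '' entry has been removed: in CodeIgniter 3 each entry is matched
// as a pattern against the whole URI string, so an empty entry matches the
// empty URI (the default route) and would switch CSRF checking off for POSTs
// to the site root as well.
$config['csrf_exclude_uris'] = array(
    'admin/Ckeditor/do_upload',
);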