Security configuration file

Last post 04-01-2010, 2:46 PM by capnhairdo. 8 replies.
Sort Posts: Previous Next
  •  07-24-2009, 8:46 AM 54242

    Security configuration file

    I am trying to use the file locations configured in the 'Configruation/Security/Default.config' file.
     
    The problem is that unless i programmatically configur both the ImageGalleryPath and the MaxImageSize then the cute editor window will display the message "The area you are attempting to access is forbidden." when i try to upload any files.
     
    For reference here is the code that I am currently using that works:

    editor.ID =
    "ABSTRACT"
    editor.Text = ABSTRACT
    editor.FilesPath =
    "CuteEditor_Files"
    editor.ImageGalleryPath = "/Uploads"
    editor.MaxImageSize = 250
    editor.Draw()
     
    And here is the code that I want to work that is not:
     
    editor.ID = "ABSTRACT"
    editor.Text = ABSTRACT
    editor.FilesPath =
    "CuteEditor_Files"
    editor.Draw() 
     
    Note also that I have confirmed that the default.config file is being used (if you specify the unwanted values) by modifying the maximum document size.
    Note also that I am also forbidden from uploading documents(and all other file types) unless the ImageGalleryPath and MaxImageSize values are specified programmatically.
  •  07-24-2009, 1:21 PM 54260 in reply to 54242

    Re: Security configuration file

    1. Can you post the ImageGalleryPath Setting in Default.config?
     
    2. Is your site online so you can provide a testing URL?
     
    3. Can you try the following code?
     
    1. <!-- #include file = "CuteEditor_Files/include_CuteEditor.asp" -->    
    2. <html>       
    3.     <body>  
    4.            
    5.         <form name="theForm" action="Get_HtmlContent.asp" method="post" ID="Form1">  
    6.         <%   
    7.             Dim editor   
    8.             Set editor = New CuteEditor   
    9.             editor.ID = "Editor1"  
    10.             editor.Text = "Type here"  
    11.             editor.FilesPath = "CuteEditor_Files"  
    12.             editor.Draw()   
    13.         %>  
    14.                            
    15.         </form>  
    16.     </body>  
    17. </html>  
     

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  07-24-2009, 3:49 PM 54266 in reply to 54260

    Re: Security configuration file

    All of our cute editor windows that allow file upload are in the admin section of the site which is password protected. I tried the code from above and am still get a "The area you are attempting to access is forbidden" message in the pop up window when you try to upload any files.
     
    here is a copy of the default.config file I have made a couple modifications to use larger sizes and differnt paths but note that it did not fucntion under the default configuration either (yes each of these folders exists and if the image gallerypath is programmatically specified I am able to upload items to the /UserFiles/Media folder (or any of the other folders) even though it is not programmatically specified:
     
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
     <security name="MaxImageSize">1000</security>
     <security name="MaxMediaSize">100000</security>
     <security name="MaxFlashSize">10000</security>
     <security name="MaxDocumentSize">10000</security>
     <security name="MaxTemplateSize">1000</security>
     <security name="ImageGalleryPath">/UserFiles/Image</security>
     <security name="MediaGalleryPath">/UserFiles/Media</security>
     <security name="FlashGalleryPath">/UserFiles/Flash</security>
     <security name="TemplateGalleryPath">/templates</security>
     <security name="FilesGalleryPath">/UserFiles/File</security>
     <security name="AllowUpload">true</security>
     <security name="AllowCreateFolder">true</security>
     <security name="AllowRename">true</security>
     <security name="AllowDelete">true</security>
      <security name="ImageFilters">
        <item>.jpg</item>
        <item>.jpeg</item>
        <item>.gif</item>
        <item>.png</item>
      </security>
      <security name="MediaFilters">
        <item>.avi</item>
        <item>.mpg</item>
        <item>.mpeg</item>
        <item>.mp3</item>
        <item>.wmv</item>
        <item>.wav</item>
      </security>
      <security name="DocumentFilters">
        <item>.txt</item>
        <item>.doc</item>
        <item>.pdf</item>
        <item>.zip</item>
        <item>.rar</item>
        <item>.avi</item>
        <item>.mpg</item>
        <item>.mpeg</item>
        <item>.mp3</item>
        <item>.wav</item>
        <item>.swf</item>
        <item>.jpg</item>
        <item>.jpeg</item>
        <item>.gif</item>
        <item>.png</item>
        <item>.htm</item>
        <item>.xls</item>
        <item>.html</item>
        <item>.rtf</item>
        <item>.wmv</item>
      </security>
      <security name="TemplateFilters">
        <item>.txt</item>
        <item>.rtf</item>
        <item>.html</item>
        <item>.htm</item>
        <item>.xml</item>
      </security>
      <!-- Allow upload, disable the delete,create funtion -->
      <security name="DemoMode">false</security>
    </configuration>
  •  07-27-2009, 2:43 PM 54304 in reply to 54266

    Re: Security configuration file

    >> I tried the code from above and am still get a "The area you are attempting to access is forbidden" message in the pop up window when you try to upload any files.
     
    So this issue is not caused by the code that programmatically change the ImageGalleryPath.
     
    Have you disabled the session in your application?
     
    Can you download the latest build then try again?

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  04-01-2010, 2:49 AM 59791 in reply to 54304

    Re: Security configuration file

    I'm getting a similar issue. We're using CuteEditor in a section of our site that is password-protected. I'm getting the same exact error detailed in this thread from the .NET forum.
     
    Is there a fix for the ASP Classic version of CuteEditor? I couldn't find anything that looked similar.
     
  •  04-01-2010, 10:41 AM 59804 in reply to 59791

    Re: Security configuration file

    capnhairdo:
    I'm getting a similar issue. We're using CuteEditor in a section of our site that is password-protected. I'm getting the same exact error detailed in this thread from the .NET forum.
     
    Is there a fix for the ASP Classic version of CuteEditor? I couldn't find anything that looked similar.
     
     
    capnhairdo,
     
    Which version of Cute Editor are you using?
     
    Version 6.6 should not have this problem.
     
    If you are using the editor in a secure enviroment, you can remove the secutiry check of editor by modifying
     
    include_Security.asp

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  04-01-2010, 12:19 PM 59808 in reply to 59804

    Re: Security configuration file

    I'm using 6.6...just downloaded it yesterday.
     
    It's not a secure environment, just password-protected so that it's not accessible by the Internet Guest User account. Is there a way to disable the Flash uploader and try the iframe uploader instead, or is that not a feature on the ASP Classic version?
     
    I found two copies of include_Security.asp, one in Dialogs and one in Dialogs/Tag. They're identical except for one line. What should I change?
     
    Thanks.
     
  •  04-01-2010, 2:12 PM 59811 in reply to 59808

    Re: Security configuration file

    >>I found two copies of include_Security.asp, one in Dialogs and one in Dialogs/Tag. They're identical except for one line. What should I
    change?
     
    Both.
    >>Is there a way to disable the Flash uploader and try the iframe uploader instead, or is that not a feature on the ASP Classic version?
     
    Yes, you can use iframe mode by setting the uploader UploadType property to Iframe.

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  04-01-2010, 2:46 PM 59813 in reply to 59811

    Re: Security configuration file

    Thanks...though it would have helped if you told me where that variable was. I found it in 
     
    cuteeditor_files/Dialogs/aspuploader/resources/coreimpl.js
     
    and changed "Auto" to "Iframe".
     

    Since the iframe uploader is an intentional feature, and since it seems like lots of people need it to overcome permissions problems with the Flash uploader, an I might suggest you make this a configuration option. Having to dig around in a minified JavaScript file to change this is a bummer. Thanks.
View as RSS news feed in XML