tinyfck completely removed from Seagull

4 views
Skip to first unread message

Demian Turner

unread,
Jul 11, 2008, 6:08:08 AM7/11/08
to Seagull PHP Framework General Group
Hi guys

The out of date wysiwyg editor that used to ship with Seagull,
tinyfck, has now been totally removed in the bugfix branch and
replaced with FCKeditor. If you were not following this thread there
was a security alert raised against tinyfck:

http://www.milw0rm.com/exploits/5945

You will see the "new" editor next time you use the publisher or cms
modules. If you want to customise anything in FCKeditor modify the

sgl/www/js/SGL/SglFckconfig.js
file.

Thanks to Laszlo Horvath for putting together the patch, and to
Michael Alber for his feedback and Frederico Caldeira Knabben, the
creator of FCKeditor, for his advice.

And of course the dudes over at milw0rm who obviously are totally
unfamiliar with best practices around disclosing security alerts.

Please update from svn bugfix if you're developing new projects, or
wait for the next release of Seagull 0.6.5 due out shortly and upgrade.

Keep in mind you must update $config[site][wysiwyg] to switch to
FCKeditor, eg set:

$config[site][wysiwyg] = 'fckeditor';

cheers
--
Demian Turner, maintainer
Seagull PHP Framework, http://seagullproject.org/


Reply all
Reply to author
Forward
0 new messages