For secure CKFinder
, you need to add to the action:
$this->getRequest()->getSession()->set('AllowCKFinder', TRUE); // Allow to use CKFinder
And then modify the config.php
file of CKFinder with next code:
function CheckAuthentication()
{
session_start();
$status = FALSE;
$file = dirname(__FILE__) .'/../../../app/cache/prod/sessions/sess_'. session_id();
if (file_exists($file)) {
$status = (bool)preg_match('/AllowCKFinder/i', file_get_contents($file));
}
if ( ! $status) {
$file = dirname(__FILE__) .'/../../../app/cache/dev/sessions/sess_'. session_id();
if (file_exists($file)) {
$status = (bool)preg_match('/AllowCKFinder/i', file_get_contents($file));
}
}
return $status;
// WARNING : DO NOT simply return "true". By doing so, you are allowing
// "anyone" to upload and list the files in your server. You must implement
// some kind of session validation here. Even something very simple as...
// return isset($_SESSION['IsAuthorized']) && $_SESSION['IsAuthorized'];
// ... where $_SESSION['IsAuthorized'] is set to "true" as soon as the
// user logs in your system. To be able to use session variables don't
// forget to add session_start() at the top of this file.
return false;
}
Original post here