Hello friends, this message was originally written in Russian; the translation through Google Translate is published here. I apologize for my English.
I am a big fan of CMS Grav, and not so long ago I started using the Fred plugin (https://github.com/BugHunter2k/grav-plugin-fred). It is an excellent plugin, but unfortunately its function for inserting images into recordings does not work.
In attempts to restore image loading through the plugin, I found a great solution for inserting images through KCFinder (https://github.com/wotta/ContentTools.KCFinder.js).
Friends, this is a great solution, and it allows you to conveniently interact with the content and images of the page. But I was unable to block access for unauthorized users to the bootloader page. And now in more detail.
To make the Fred plugin friends with KCFinder and implement image loading, I rewrote part of the Fred plugin code and placed KCFinder (http://github.com/sunhater/kcfinder/releases/latest) in the root of the site.
For clarity, I created a local test site (gravfredkcfinder.test) on which my plugin edits and the use of KCFinder have already been applied.
You can download my assembly at this link:
https://drive.google.com/file/d/14yvD5PPgR9XEI1BSVbvlTU46s2TgcpXF/view?usp=sharing
Unpack the archive into the “gravfredkcfinder” folder of your local server (I use Laragon for Windows 10).
To access the admin panel, use:
Login:
gravfredkcfinder
Password:
!@Gravfredkcfinder1
Go to any blog page (for example, http://gravfredkcfinder.test/blog/2014-01-08-a-quotation) and try to edit the content after pressing the blue button with a pencil. You will be able not only to edit the content but also to add an image, which will be saved in the “\main\kcfinder\upload\images” folder of the site. In principle, the plugin works as needed. But if you open the following link in incognito mode:
http://gravfredkcfinder.test/main/kcfinder/browse.php?type=images&dir=images/public
any user will have the opportunity to add or delete images on the server. This is completely unsafe and can lead to hacking of the whole site.
How can I block access to this page if an unauthorized user is on the site? I really hope for your help, and I look forward to any answers with patience. Thanks to everyone who answers in this thread.
And if Grav developers can tell me how it is possible to implement image loading in the recording folder and not in a separate folder, I will be very happy.
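
One way to close the anonymous access described in this post, as an added example that is not part of the original post or of the Fred, KCFinder or Grav code: keep KCFinder's `disabled` setting at `true` in `conf/config.php` and lift it per session through `$_SESSION['KCFINDER']` only for a logged-in editor. The function names and the `$canEdit` flag are hypothetical, and it assumes the site and KCFinder read the same PHP session, which the post does not show.

```php
<?php
// Added example; function names are hypothetical. KCFinder facts relied on:
// the 'disabled' setting in conf/config.php and the per-session override
// array read from $_SESSION['KCFINDER'] (the default '_sessionVar').

// File-level default that kcfinder/conf/config.php should keep.
const KCFINDER_FILE_CONFIG = ['disabled' => true, '_sessionVar' => 'KCFINDER'];

// Site side: call on every request after the site's own login check.
// Assumption: $canEdit is true only for an authenticated user allowed to edit.
function syncKcfinderAccess(array &$session, bool $canEdit): void
{
    if ($canEdit) {
        $session['KCFINDER'] = ['disabled' => false];
    } else {
        unset($session['KCFINDER']); // anonymous visitor, logout, expired login
    }
}

// Simplified model of the effective setting: session values override the file
// config, except keys starting with '_' or keys the file config lacks.
function kcfinderDisabled(array $fileConfig, array $session): bool
{
    $effective = $fileConfig;
    $override = $session[$fileConfig['_sessionVar']] ?? [];
    foreach (is_array($override) ? $override : [] as $key => $value) {
        if (strncmp((string) $key, '_', 1) !== 0 && array_key_exists($key, $fileConfig)) {
            $effective[$key] = $value;
        }
    }
    return (bool) $effective['disabled'];
}

// Constructed sessions: an incognito visitor and a logged-in editor.
$visitor = [];
$editor = [];
syncKcfinderAccess($visitor, false);
syncKcfinderAccess($editor, true);
printf("visitor blocked: %s\n", var_export(kcfinderDisabled(KCFINDER_FILE_CONFIG, $visitor), true));
printf("editor blocked: %s\n", var_export(kcfinderDisabled(KCFINDER_FILE_CONFIG, $editor), true));
syncKcfinderAccess($editor, false); // logout revokes the override
printf("after logout blocked: %s\n", var_export(kcfinderDisabled(KCFINDER_FILE_CONFIG, $editor), true));
```

In the site code the first argument is `$_SESSION`. If the site and KCFinder use different session names or cookie paths, KCFinder never sees the override and stays disabled for everyone.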