[PHP] Securing CKFinder in Zend Framework

CKFinder is CKEditor's file manager. It must be secured when you configure it; for that purpose it provides a function, "CheckAuthentication()", which returns false by default.

In a Zend Framework application, it can be secured as follows:

function CheckAuthentication()
{
	// WARNING : DO NOT simply return "true". By doing so, you are allowing
	// "anyone" to upload and list the files in your server. You must implement
	// some kind of session validation here. Even something very simple as...

	// return isset($_SESSION['IsAuthorized']) && $_SESSION['IsAuthorized'];

	// ... where $_SESSION['IsAuthorized'] is set to "true" as soon as the
	// user logs in your system. To be able to use session variables don't
	// forget to add session_start() at the top of this file.

	//return true;

	// Zend_Auth keeps the logged-in identity in this session namespace,
	// so a non-empty value means the user has authenticated.
	return !empty($_SESSION['Zend_Auth']['storage']);
}
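The check above reads $_SESSION directly, so it only sees the Zend_Auth identity once the session has been started under the application's session name. The following is an added example, not code from the original post, CKFinder or Zend Framework; it starts the session and also rejects an expired Zend_Auth namespace. The session name, the `__ZF` expiry layout and the helper hasZendAuthIdentity() are assumptions.

```php
<?php
// Added example; not CKFinder's or Zend Framework's own code.
// Assumed: must match the session name the Zend application uses.
define('APP_SESSION_NAME', 'PHPSESSID');

// Hypothetical helper: true only if Zend_Auth stored an identity in this
// session array and the Zend_Auth namespace has not expired.
function hasZendAuthIdentity(array $session, $now)
{
	if (empty($session['Zend_Auth']['storage'])) {
		return false; // nobody logged in through Zend_Auth
	}
	// Assumption: Zend_Session records a namespace expiry timestamp under
	// __ZF[namespace]['ENT'] and enforces it only in Zend_Session::start(),
	// which this standalone config file never calls.
	$expiry = isset($session['__ZF']['Zend_Auth']['ENT'])
		? (int) $session['__ZF']['Zend_Auth']['ENT'] : 0;
	return !($expiry > 0 && $now > $expiry);
}

function CheckAuthentication()
{
	// $_SESSION is empty until the session is started under the same
	// name (and save handler) as the application.
	if (session_status() !== PHP_SESSION_ACTIVE) {
		session_name(APP_SESSION_NAME);
		session_start();
	}
	return hasZendAuthIdentity($_SESSION, time());
}

// Constructed sample sessions, run only from the command line.
if (PHP_SAPI === 'cli') {
	$now = 1700000000;
	$samples = array(
		'anonymous' => array(),
		'logged in' => array('Zend_Auth' => array('storage' => 'alice')),
		'expired'   => array(
			'Zend_Auth' => array('storage' => 'alice'),
			'__ZF'      => array('Zend_Auth' => array('ENT' => $now - 60)),
		),
	);
	foreach ($samples as $label => $session) {
		echo $label, ': ', var_export(hasZendAuthIdentity($session, $now), true), "\n";
	}
}
```

If the application stores sessions with a custom save handler (database, cache), the same handler has to be registered before session_start(), otherwise the function always returns false.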