I'm always very wary of servlets that allow access to a filename passed in
as a request parameter... you are potentially opening up complete access to
your server if you are not careful. Before introducing something like this
into your application you must do a security audit on it.

https://github.com/Studio-42/elfinder-servlet/blob/master/src/main/java/org/elfinder/servlets/commands/OpenCommand.java

On Tuesday, 13 March 2012, Dragan Sahpaski <dragan.sahpa...@gmail.com>
wrote:
> Hi Ville,
> We decided to go with http://elfinder.org/.
> The discussion is on the tynamo dev list.
> It's BSD licensed, the code is pretty clean, it's actively developed, and
> it looks pretty stable.
> I'll integrate it very shortly (this week) and give you a link to a demo,
> or just follow the list.
>
> If it turns out ok we'll have another tynamo module.
>
> Cheers,
> Dragan Sahpaski
>
>
>
> On Mon, Mar 12, 2012 at 9:30 PM, Ville <ville.virta...@orientimport.fi> wrote:
>
>> Hi,
>>
>> CKFinder is a commercial product with no freeware licensing model afaik.
>> However their prices are so low that I'd be happy to pay if the product is
>> good. Then the ckeditor component should only provide a bridge to their java
>> implementation and let the developer using the component provide the
>> actual paid ckfinder for it.
>>
>> The upload-only approach is not an option for us, as the users really need
>> the browsing view to the server and its files with thumbnails.
>>
>>  - Ville
>
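
An added example, not part of the original thread and not code from elfinder-servlet: one way a servlet can confine a request-supplied filename to a fixed base directory before opening it. The class name `SafeFileResolver`, its methods and the temporary sample directory are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Hypothetical helper: maps a request-supplied name onto a fixed base directory.
public final class SafeFileResolver {
    private final Path root;

    public SafeFileResolver(Path baseDir) throws IOException {
        this.root = baseDir.toRealPath(); // resolve symlinks in the base once
    }

    /** Returns the real path of an existing regular file under root, or throws. */
    public Path resolve(String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("invalid file name");
        }
        Path candidate;
        try {
            // An absolute 'requested' replaces root here; the check below catches it.
            candidate = root.resolve(requested).normalize();
        } catch (InvalidPathException e) {
            throw new SecurityException("invalid file name");
        }
        // Path.startsWith compares whole path elements, not string prefixes.
        if (!candidate.startsWith(root)) {
            throw new SecurityException("path escapes base directory");
        }
        // toRealPath() follows symlinks and fails if the file does not exist,
        // so a link inside root that points outside it is rejected as well.
        Path real = candidate.toRealPath();
        if (!real.startsWith(root) || !Files.isRegularFile(real)) {
            throw new SecurityException("path escapes base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temp directory standing in for the served folder.
        Path base = Files.createTempDirectory("files");
        Files.write(base.resolve("ok.txt"), "hello".getBytes());
        SafeFileResolver r = new SafeFileResolver(base);
        System.out.println("served: " + r.resolve("ok.txt"));
        for (String bad : new String[] {"../outside.txt", "/outside.txt", "sub/../../x"}) {
            try { r.resolve(bad); System.out.println("accepted (bug): " + bad); }
            catch (SecurityException e) { System.out.println("rejected: " + bad); }
        }
    }
}
```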
