We would like to run the editor using the CKEditor CDN, however we are using a skin (Moonocolor) that is not included by default. The CKEditor forums discuss how it is possible to load a different skin with the CDN editor:
http://ckeditor.com/comment/133126#comment-133126
http://cdn.ckeditor.com/
http://docs.ckeditor.com/#!/api/CKEDITOR.config-cfg-skin
After reviewing these links and the existing 7.x-1.x-dev code, I was able to write a patch that adds ckeditor_skins_path
and ckeditor_skins_local_path
as new fields, similar to what exists for plugins. These fields allow me to use a locally stored skin with the CKEditor CDN version.
This solution would also provide for custom skins in different folders, which should resolve this issue: https://www.drupal.org/node/1461368
I'll attach a patch in a minute for review.
Comment | File | Size | Author |
---|---|---|---|
#42 | custom_skin_dev-2671806-42.patch | 15.21 KB | vokiel |
| |||
#34 | ckeditor-custom_skin_support-2671806-34.patch | 11.34 KB | ron_s |
| |||
#31 | interdiff-2671806-11-30.txt | 2.95 KB | ron_s |
#30 | ckeditor-custom_skin_support-2671806-30.patch | 11.25 KB | ron_s |
| |||
#30 | ckeditor_with_local.png | 44.05 KB | ron_s |
Comments
Comment #2
ron_s CreditAttribution: ron_s commentedAttached is a patch for review, thanks!
Comment #3
ron_s CreditAttribution: ron_s commentedShould adjust this... it's not a bug, it is a feature request.
Comment #5
ron_s CreditAttribution: ron_s commentedAttached is an updated version of the patch.
I noticed we were receiving console error messages that "
skin.js
" could not be found. After looking at the CKEditor CDN repository, I realized the content ofskin.js
is only included in the CDNckeditor.js
for the Kama and Moono skins.Therefore, I've added a validation on the global profile to display an error if using the CDN, the skin is not Kama or Moono, and
skin.js
cannot be found in the directory. The user is prompted to download the skin from the CKEditor Addons, and place the file in the correct location.Comment #6
ron_s CreditAttribution: ron_s commentedResetting to needs review.
Comment #8
alexverb CreditAttribution: alexverb as a volunteer commentedPatch looks good to me. And it seems good to also have the option to set a skins folder. I was looking for the same thing...
Patch doesn't pass because: ERROR: No valid tests were specified.
Comment #9
joseph.olstadThis patch is AWESOME guys, great work.
It also fixed a skin problem for me when using a local copy of ckeditor 4.6.2 , for some reason my skin was not working correctly until I used this patch.
I haven't looked at the code, but the results are amazing! Great work guys!
Without this, the skin functionality is broken, so definately, this patch is needed asap! Especially if you are not using the CDN, so as far as the above reports say, this patch is good for everyone!. Great work.
Comment #10
hass CreditAttribution: hass commented',
Is this safe against XSS? I think you better use @placeholders and move the inline HTML into the t().
'
+ )
No line breaks, please.
Such line breaks are also not allowed in translatable strings. THe full code block is incorrect here.
This is not allowed. Never use l().
Aside of this I have successfully compiled custom skins on cckeditor website and just used it in Drupal. A setting is not required for this.
Comment #11
ron_s CreditAttribution: ron_s commentedAn updated patch is attached. Please review my comments below.
Almost all of this patch is a copy/edit of existing CKEditor module code. I would highly recommend you perform a full audit of
ckeditor.admin.inc
.Once again, I would highly recommend a full audit. This is copy/paste of approach used consistently in the module.
Resolved.
Resolved.
Comment #12
Mile23The patch in #5 is the recommended way to install CKEditor alongside Media module in this script: https://www.drupal.org/node/2843391
Comment #13
ron_s CreditAttribution: ron_s commented@Mile23, the patch in #5 is not the current patch. Per the feedback in #10, a new version was necessary. If you are reviewing, please do so against patch #11.
Comment #14
ron_s CreditAttribution: ron_s commentedI modified the link in the recipe to point to the newer patch (#11).
Comment #15
jcisio CreditAttribution: jcisio at Axess Open Web Services commented#11 seems address #5 but we need a proper review.
Comment #16
joseph.olstad***EDIT*** thanks for the recent release
now , we need to get this patch in.
Comment #17
joseph.olstadpatch 11 no longer works with the latest release 7.x-1.18
it needs some work
ALTHOUGH, I was testing with ckeditor 4.6.2
haven't yet tested with ckeditor 4.7.1
Comment #18
joseph.olstadactually, it could be that I need to download some additional skins, I see some messages in my watchdog warning me of missing skin files.
Comment #19
ron_s CreditAttribution: ron_s commentedPatch #11 applies cleanly to CKEditor 7.x-1.18.
Comment #20
workplaysleep CreditAttribution: workplaysleep commentedconfirm: Patch #11 applies cleanly to CKEditor 7.x-1.18.
Great patch/addition! Will probably use this in production.
would be great to see this in the next stable release
Comment #21
chrisrockwell CreditAttribution: chrisrockwell commentedThis is excellent - I struggled with getting a new theme applied and this did the trick, applied against 7.x-1.x-dev.
Comment #22
paulvandenburg CreditAttribution: paulvandenburg at ezCompany commentedI'm having the issue where it no longer discovers non-default skins.
I have the following setup:
Latest dev version of this module (currently rev: 9ea879baf9e52a4a2e3b61addadb8c4ce8b233b0)
I'm using the latest stable version of the library specifically this: https://download.cksource.com/CKEditor/CKEditor/CKEditor%204.11.1/ckedit...
That library comes with just 1 skin (the new default): moono-lisa.
I add the moono skin (https://download.ckeditor.com/moono/releases/moono_4.11.1.zip)
At [libraries]/ckeditor/skins/moono
When using the #11 patch I only see the default moono-lisa skin.
When NOT using the #11 patch I see both the moono and moono-lisa skin.
It is possible that the patch from #2947109: New default CKEditor skin not recognized interferes with the #11 patch. I've not looked further into this issue I must confess.
Comment #23
ron_s CreditAttribution: ron_s commentedWe've been using various versions of this patch for almost three years with no problems. The patch in the other issue has only existed since last year.
If there is a possible conflict with #2947109, someone needs to test it rather than just assuming this patch doesn't work.
The bigger issue is why this patch has oscillated between "RTBC" and "Needs work" for almost 2 years without it ever being committed. On a long enough timeline, every patch will conflict with something and never be committed.
Comment #24
jcisio CreditAttribution: jcisio at Axess Open Web Services commentedIt has been oscillated between RTBC and NW because there was never a review for it. "It works" is not really a review of a patch. Security question was not really answered.
Comment #25
ron_s CreditAttribution: ron_s commentedIf what was added is a security issue, then the entirety of this module is a security issue. The same approach is used in CKEditor nearly 150 times.
Comment #26
paulvandenburg CreditAttribution: paulvandenburg as a volunteer commentedJust because some patch is older does not influence which issue should be moved to "needs work".
Since the other issue is already committed, any issues should be resolved in the non-committed issue, like this one.
I've tested it, albeit only functionally. The result was a problem with this patch so I've moved it to needs work. As we need to either confirm there is no bug with this patch OR resolve the problem, before this patch should be committed. Even if the bug is caused merely by passed time, bugs are bugs and should be resolved.
But I do recognize that it sucks that an issue is taking this long and that it can be frustrating for you as a contributor. However that is the reality of open source development. You are either dependent on the maintainer (and reviewers), or you have to be the maintainer and put in the work of resolving issues.
Comment #27
ron_s CreditAttribution: ron_s commentedI know how open source development works. This is symptomatic of the larger problems that afflict Drupal.
Comment #28
joseph.olstadthe security question was answered in #2671806-11: Add custom skin support
ron_s is using the same approach as is used elsewhere in the module. This is consistent, so if there is an issue it should be addressed in a new issue, not this one. I'd say the patch is good to commit.
and , if there's a problem with the consistent patterns in this module it should be addressed in one felt swoop in a separate issue rather than block a fix.
ron_s addressed the issues in patch 11. No one had issue directly with his comments and I suggest if there is an issue that it be dealt with in a new issue rather than stall this one indefinitely.
Comment #29
joseph.olstadI recommend to the maintainer to push in patch# 11
Then deal with related concerns in the followup issue
#3025136: code style and security hardenning for ckeditor.
Comment #30
ron_s CreditAttribution: ron_s commented@paulvanderberg, I have tested your claim that the patch causes non-default skins to be undetected, and I cannot reproduce. Whether using local or CDN, in both cases non-default skins are found.
Here is a screen shot showing the CDN:
And here is a screen shot showing a local install:
I would suggest the admin page
_validate
function can be extended to include the same check performed in #2947109, but this has no impact on the success or failure of the functionality. Essentially it is a check to ensure a dumb mistake is not made (trying to install a skin that is already the default).I've updated the patch to include this, but as I said, it makes no difference to the core of what this does.
Comment #31
ron_s CreditAttribution: ron_s commentedAnd if anyone wants to see an interdiff, here it is.
Comment #32
ron_s CreditAttribution: ron_s commentedComment #33
Mile23Setting NR for #30.
Comment #34
ron_s CreditAttribution: ron_s commentedA recent commit (https://www.drupal.org/node/3120684) causes patch #30 to no longer apply to 7.x-1.x-dev.
There are no changes to the code, since the patch written for this issue already includes the extra conditional applied in #3120684. See attached.
Comment #35
vokiel@ron_s I've tested a bit the patch and here is what I found
1. Skins are listed from the local directory even when no paths for custom skin is set. When such skin is chosen and settings are saved. This causes a
404
error. There is a message of invalid configuration, but still.So those plugins should not be listed until the path is set. There should be no default path returned when custom (local) skin directory is not set.
2. The default skin path when there is no config set yet points to
/skins
of the CKEditor module. This may cause some inconvenience, as there is a dedicated folder/ckeditor
in which there is a file COPY_HERE.txt. So it would be a better place, as users would put their local CKEditor there - and folders would match (plugins from CKEditor would have the same location).I've used your patch and extended it with my proposals. Please do a review.
BTW. I have added fieldsets to better group those settings, have fun :-)
Comment #36
ron_s CreditAttribution: ron_s commented@vokiel, thanks for the message. The fieldsets are fine, as are the changes you'd like to make with the
ckeditor_admin_global_profile_form_validate
function.Regarding the updates mentioned in #1 and #2, please reference comment #11. This patch is a copy/paste of identical code elsewhere in the module. If the goal is to make the changes you mentioned, then a full audit should be done to make changes everywhere they exist.
For example, the updates to the
ckeditor_skins_path
function are essentially an extension of existing code. If you believeckeditor_skins_path
needs to be improved, then each of the following needs to be improved too:The same with the update to the strip slash code in the
ckeditor_admin_global_profile_form_submit
function. The same code exists in theckeditor.admin.inc
file:I've always been open to streamlining previously written code, however module owners have told me such updates should be handled as part of a separate patch, not included in a new feature.
Comment #37
joseph.olstad@vokiel
in case you're wondering why your patch didn't apply, check the documentation
Comment #38
vokielThank you @ron_s for your comments.
I'll just add my point of view regarding this:
I noticed that I was thinking about ignoring it but the possible error with invalid skin setting made me to do those changes. This is a new code (even it's copy/paste) so it should be clean. Refactoring all the code does not make sense for me here. It could be done as a separate task, although Drupal 7 will reach end-of-life in November of 2021, there is Drupal 8 and Drupal 9 coming soon. So there is less and less ROI in investing time in refactoring.
As for the paths, it's a bit different in the case of CKEditor itself. When a user has the module enabled it should find any working CKEditor even if paths are not manually set yet. Plugins are defined within the module so the case is different as well. Setting the default path (if skins are found on the disk) may cause Editor to crash.
As for the validation:
1. It does not strip slash from the end, it basically does nothing because if the path is empty, then it's an empty string.
2. Here we have removal of the trailing slash, so the comment from 1 should be here, and point 1 can be removed.
3. Again, trailing slash removal, which repeats the step from 2. I see now that it was just a typo, there should be
$edit['ckeditor_skins_local_path']
not$edit['ckeditor_skins_path']
.@joseph.olstad picky exporting from PHPStrom didn't work :-(
Comment #39
ron_s CreditAttribution: ron_s commentedJust a note, saying it "basically does nothing" is not entirely true. If someone typed "0" or a
NULL
character as a string, it would be defined as empty, and should be reset to an empty string.The way it handles the
rtrim
andtrim
should probably be flipped:$edit['ckeditor_skins_path'] = rtrim(trim($edit['ckeditor_skins_path']), "/");
This would first trim the path for an extraneous characters, and then perform the
rtrim
on the path to remove the slash. As the code is right now, it would not trim anything if someone typed an extra space after the slash.Comment #40
ron_s CreditAttribution: ron_s commentedFYI, patch #38 no longer applies cleanly to -dev. There are problems with the
ckeditor_load_skin_options
function that are in conflict.Edit: sorry, I should be more clear. This patch is now conflicting with the patch you have been creating for javascript errors: https://www.drupal.org/project/ckeditor/issues/3120705#comment-13524955
Comment #41
ron_s CreditAttribution: ron_s commentedComment #42
vokielI'm attaching a patch with one fix (added extra
trim()
), which is based on the latestdev
.No other patches should be applied. The one form ticket #3120705 is a different issue so it should be treated separately.
Comment #44
vokielComment #45
ron_s CreditAttribution: ron_s commentedThere is a newly created bug in the patch committed in #43. See the following issue:
https://www.drupal.org/project/ckeditor/issues/3132694
Comment #46
vokielFixed with 308c58d