Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Can we add caption support please? This patch adds drupalimagecaption as a dependency.
Comments
Comment #2
Tim Bozeman CreditAttribution: Tim Bozeman at CyberSolution for MJD Interactive commentedComment #3
Tim Bozeman CreditAttribution: Tim Bozeman at CyberSolution for Achieve Internet commentedComment #4
Tim Bozeman CreditAttribution: Tim Bozeman at CyberSolution for Achieve Internet commentedComment #5
panarican CreditAttribution: panarican as a volunteer commentedThe patch works well I reviewed it and didn't see any issues. Would be nice to see this implemented.
Comment #6
NickDickinsonWildeComment #7
NickDickinsonWildeMostly a re-roll although does include one change - instead of only checking if a UUID is available, creates a file and gets one if not.
Comment #8
bmx269 CreditAttribution: bmx269 commentedReviewed and tested.
Comment #9
ufku CreditAttribution: ufku commentedNot an ideal solution for a directory containing hundreds of images.
I think it would be better to get the uuid by ajax on file selection.
Comment #10
NickDickinsonWildeLonger term testing, revealed that with many files, performance is less than ideal as ufku suggested might be the case.
An improved patch attached.
Comment #11
caspervoogt CreditAttribution: caspervoogt at Plethora commentedThe patch from #10 worked for me. The JS portion of that patch did not apply, because it clashes with changes made to that file by patches from https://www.drupal.org/project/imce/issues/2762473 .. which grab the UUID using the File object in pure JS rather than creating a new function or endpoint using PHP. Might be worth a look and may also be more performant. I have not tested for performance specifically though.
Comment #12
caspervoogt CreditAttribution: caspervoogt at Plethora commentedFollowing up on #11, I re-rolled patch #10 so it doesn't clash with patch #30 from Should images uploaded with IMCE be managed?. I am using both this patch #12 and #30, and have captioning as well as file management working in IMCE/CKeditor.
Comment #13
stevechai CreditAttribution: stevechai commentedThe patch from #12 is working great, i can choose image by using icon provided by imce (icon provided by drupal core ckeditor removed) and double click on the image to insert caption and also choose alignment. But, when double click on the image, the popup should remove the "Open file browser" link from the image url form.
Another issue will be the figure class caption and caption-img not created.
Comment #14
caspervoogt CreditAttribution: caspervoogt at Plethora commented@stevechai, the patch from #12 doesn't add "Open File Browser".. I am not sure what controls that, but I don't think this patch should attempt to adjust that.
Regarding the file browser window not closing, I cannot reproduce that on my end. When I use the IMCE image icon and select and insert an image, the file browser window closes.
Regarding figure/figcaption, those don't show in the source code of the editor, but they do show up in the rendered code of the page - in my tests anyway. The image element just gets the data-caption attribute and some other attributes, and is then rendered as a figure if it contains a caption. That's working in my tests.
Comment #15
stevechai CreditAttribution: stevechai commented@caspervoogt, thanks for the reply. The figure/figcaption are added correctly. The align class was added, only the caption and caption-img was not added to the rendered result.
Which should be
<figure role="group" class="caption caption-img align-center">
Comment #16
caspervoogt CreditAttribution: caspervoogt at Plethora commentedAh OK, I understand.
Are the caption and caption-image a standard Drupal thing that should be added to the figure if it contains a caption? I can see the usefulness of having that.
I may take another look at that but I don't know when .. I am going on holiday quite soon. Sounds like it should be a minor adjustment e.g. "if caption is active, add caption classes to class array for figure".
Comment #17
stevechai CreditAttribution: stevechai commentedYeap, it's standard Drupal 8 thing, if using default ckeditor image upload plugin and set caption, the classes will be added to figure.
Thanks
Comment #18
caspervoogt CreditAttribution: caspervoogt at Plethora commentedOK, then. We will want to do the same. I will try and find time for this but it may be a few weeks.
Comment #19
stevechai CreditAttribution: stevechai commented@caspervoogt, no problem, thanks for the help. Enjoy your holiday.
Comment #20
TravisJohnston CreditAttribution: TravisJohnston commentedHello,
I wanted to check in to see what the current status of this is. I am trying to use the benefit of IMCE for the image library and some of the formatting, but the loss of the ability to add a caption is the problem. I tried #12 but that hasn't helped.
Comment #21
caspervoogt CreditAttribution: caspervoogt at Plethora commentedI won't be able to look at this for the foreseeable future. Maybe someone else can jump in.
Comment #22
thallesWorks for me!
Comment #25
ufku CreditAttribution: ufku commented- /imce-get-uuid is not secure. It allows file creation by CSRF
- "create files" permission is irrelevant. it must be a part of imce config.
- the uri sent to /imce-get-uuid must be validated and accessible by the current user's imce config.
- uri doesn't need to be added to js data. it is already available on js side.
Comment #28
thallesSorry I had not seen your revert.
Comment #29
caspervoogt CreditAttribution: caspervoogt at Plethora commentedI will not find the time to work on the outstanding issues any time soon, FYI. Hoping others can jump in and fill in some of these gaps.
Comment #30
thallesHi @ufku, can you help us?
This patch is really important because it solves other problems, such as resizing the image inside CKEditor.
Comment #31
thallesIt is worth mentioning that I tried to access the url http://d8.lndo.site/imce-get-uuid without user login and I was denied access
Comment #32
thallesThis is only an applicable patch, not yet patched
Comment #33
medinasod CreditAttribution: medinasod commented@thalles does this patch fix the problem outlined here?
https://www.drupal.org/project/imce/issues/3024340
Comment #34
Alan D. CreditAttribution: Alan D. commentedIt's to address something like this (same OR different site when logged in on http://d8.lndo.site/)
On http://d8.lndo.site/
On any other site
Comment #35
thallesHi @medinasod, if you look at the patches of both issues you will find that they are the same solution.
@Alan D, I just make a note once @ufku spoke of the validation of the logged in user.
I hope we can resolve this issue soon.
Thanks @all!
Comment #36
caspervoogt CreditAttribution: caspervoogt at Plethora commented"It is worth mentioning that I tried to access the url http://d8.lndo.site/imce-get-uuid without user login and I was denied access"
OK, what does that mean in terms of the remaining issues?
Also, I tried patch #32 (it applied cleanly) but it didn't seem to do anything; when I upload a new image and insert it, it has no UUID and I can't edit the image. What does "This is only an applicable patch, not yet patched" mean?
Comment #37
thallesAfter apply the pacth you need clear the cache.
I did not make changes to the patch, I just left the patch applicable again, to make it easier for anyone who wanted to work on the issue.
I just wanted to say that you need to be logged in to have access to /imce-get-uuid/?uri=public%3A%2F%2Fimages%2F5-unique-animals.png
Comment #38
caspervoogt CreditAttribution: caspervoogt at Plethora commentedI don't know why I didn't think of clearing Drupal's cache, but I did and now patch #32 works just as expected. Thanks also for explaining about /imce-get-uuid. That is good.
Comment #39
Alan D. CreditAttribution: Alan D. commentedCSRF issue
Say you have the link, /delete-entire-site, which is only accessible to super administrators that nukes the site (worst case example I could think of).
The hacker could also post to another domain and get the super admin to visit. If the super admin was logged in, the exact same thing would happen.
Clearly this is not critical in this case, but it still messes with the core config that can be used to cause a nuisance issue for administrators of the site.
D7 used special links for these actions, non-caching tokens based on the admin session key & URL, but I am not up with what D8 does to protect against this kind of request.
Comment #40
thallesFollow a patch!
Added a xss filter, about the uri, the
File.getUrl()
cause the issue when reopen properties of image.Comment #41
thallesPlease guys, check out the new patch.
Comment #42
thallesComment #43
kienan91 CreditAttribution: kienan91 commentedYour code need has baseURL in $.getJSON() , because which error when project web is sub folder.
Comment #44
andrey.troeglazov CreditAttribution: andrey.troeglazov at DrupalJedi commentedAlso there is wrong position of brackets
+class ImceController extends ControllerBase
+{
+ public function adminOverview(Request $request)
+ {
+ public function page($scheme, Request $request)
+ {
+ public function checkAccess($scheme)
+ {
+ public function getUuid(Request $request)
+ {
it should be on the same line with method declaration
Comment #45
thallesNew patch coming up.
Comment #46
thallesUse of baseUrl broken adress image on modal properties
Comment #47
thallesThe #43 works!
#45commited!
Comment #50
medinasod CreditAttribution: medinasod commentedHey @thalles what version was the committed patch created from? Thanks.
Comment #51
ufku CreditAttribution: ufku commentedRe-implemented uuid support
Removed imce-get-uuid path in favor of ajax operation "uuid"
Removed uuid loading on init for the sake of performance
Please wait for enough people to review the patches before committing.
IMCE's priorities are performance and security. Please test for them thoroughly.
Comment #52
medinasod CreditAttribution: medinasod commentedThank you @ufku. I'm uploading a version of your patch for those using a composer.patches.json file in their root directory.