🇺🇸 United States @nate covington

Account created on 29 January 2013, almost 12 years ago

Recent comments

🇺🇸 United States nate covington

You mean this?
https://www.drupal.org/project/ckeditor5

It says it's not supported. You mean you updated the Drupal 7 sites to Drupal 9/10?

🇺🇸 United States nate covington

Would it not be possible to pull that release into this module? I've got a situation where upgrading to Ckeditor5 causes breakage on a D10 upgrade. I'd obviously like to get it upgraded and that issue resolved, but finding the time...

I think the issue is the 4.24.x-LTS is the "commercial" flavor of the plugin. So yes, you can use this. But most of us are sitting here scratching our heads over the "suddenly commercial" license and looking for alternatives.

🇺🇸 United States nate covington

I'm looking at the security details here:
https://security.snyk.io/package/npm/ckeditor4/4.14.0

It looks like the issue is in this file specifically:
/core/htmlparser.js

On my D7 site, using ckeditor 7.x-1.22, I renamed the file like this, to disable it:
/sites/all/libraries/ckeditor/_source/core/htmlparser-suspect.js

Then I went back into the site and was able to edit / save / etc.

There was a reference to this file too:
/public_html/sites/all/libraries/ckeditor/_samples/ajax.html

I renamed it like this to be safe:
/public_html/sites/all/libraries/ckeditor/_samples/ajax-disable.html

In a few weeks I plan on removing these files altogether because they don't seem to be mission critical ^

Thanks,
-Nate

🇺🇸 United States nate covington

I'm reading here:
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v...

It looks like this vulnerability only applies if you have "Full Page Editing" enabled? Or the Advanced Configuration re: CDATA? Can someone double check my math, etc? It seems like for most private D7 sites, where you only have a few admins, the general public never touches ckeditor... this doesn't apply?

🇺🇸 United States nate covington

I was able to work around this error:

Uncaught PHP Exception Drupal\\Core\\Entity\\EntityStorageException: "SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'token' at row 1: INSERT INTO "oauth2_server_token" ("client_id", "uid", "type", "token", 

By modifying the oauth2_server_token table - change the "token" column to type=text
That'll allow for a longer token value and not throw the exception

However, I'm still getting this error after fixing it:
bad_signature
invalid_token

Any help would be appreciated

🇺🇸 United States nate covington

I'm in the process of trying to use Drupal + Simple_Oauth as the single sign on server for Synapse / Matrix.

When I set up the configuration for OpenID Connect in Synapse homeserver.yaml file, it was getting a 403 forbidden error when it tried to connect to the /oauth/jwks endpoint.

Just to document my solution I retrieved my public.key value from Simple_Oauth module

Then I used this converter tool:
https://russelldavies.github.io/jwk-creator/

And created /.well-known/jwks file by hand

That allowed Synapse to start up with the homeserver.yaml settings intact - yay!

However, when I tried to use app.element.io to log in using Drupal, Synapse was giving this "not canonical" error:

2023-01-26 17:36:53,521 - synapse.rest.client.login - 621 - INFO - GET-80 - Requested URI https://matrix.covingtoncreations.net/_matrix/client/r0/login/sso/redirect/oidc-drupal?redirectUrl=https%3A%2F%2Fapp.element.io%2F is not canonical: redirecting to https://covingtoncreations.net/_matrix/client/r0/login/sso/redirect/oidc-drupal?redirectUrl=https%3A%2F%2Fapp.element.io%2F
2023-01-26 17:36:53,522 - synapse.access.http.8008 - 460 - INFO - GET-80 - 10.0.0.1 - 8008 - {None} Processed request: 0.002sec/-0.001sec (0.000sec, 0.000sec) (0.000sec/0.000sec/0) 0B 302 "GET /_matrix/client/r0/login/sso/redirect/oidc-drupal?redirectUrl=https%3A%2F%2Fapp.element.io%2F HTTP/1.1" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0" [0 dbevts]

It's trying to get back to matrix.example.com but for some reason it's passing it over to example.com, the matrix server isn't able to actually process the remainder.
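
The hand conversion described in the comment above (Simple OAuth public.key to a JWKS document), done locally with the Python standard library; this is an added example, not part of the original comment and not Simple OAuth or Synapse code. The `kid` value, the `RS256` algorithm label and the toy sample key are assumptions made for illustration.

```python
import base64
import json

# DER encoding of the rsaEncryption OID 1.2.840.113549.1.1.1
RSA_OID = bytes.fromhex("06092a864886f70d010101")
# Constructed toy key (n=3233, e=17) so the example runs offline; far too small for real use.
SAMPLE_DER = bytes.fromhex("301b 300d 0609 2a864886f70d010101 0500 030a00 3007 02020ca1 020111")
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END PUBLIC KEY-----\n")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def b64url(data):
    """Base64url without padding, as JWK members require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def pem_to_jwks(pem, kid="drupal-simple-oauth"):  # kid is a hypothetical label
    lines = [line.strip() for line in pem.strip().splitlines()]
    # Refuse anything but a public key so a private key never ends up published.
    if lines[0] != "-----BEGIN PUBLIC KEY-----":
        raise ValueError("expected a 'PUBLIC KEY' (SubjectPublicKeyInfo) PEM block")
    der = base64.b64decode("".join(lines[1:-1]))
    tag, spki, _ = read_tlv(der, 0)
    alg_tag, alg, pos = read_tlv(spki, 0)
    bit_tag, bits, _ = read_tlv(spki, pos)
    if (tag, alg_tag, bit_tag) != (0x30, 0x30, 0x03) or not alg.startswith(RSA_OID):
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    _, rsa, _ = read_tlv(bits, 1)  # skip the BIT STRING unused-bits byte
    _, n, pos = read_tlv(rsa, 0)
    _, e, _ = read_tlv(rsa, pos)
    # DER integers may carry a leading 0x00 sign byte; JWK values must not.
    key = {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,  # RS256 assumed
           "n": b64url(n.lstrip(b"\x00")), "e": b64url(e.lstrip(b"\x00"))}
    return {"keys": [key]}

if __name__ == "__main__":
    print(json.dumps(pem_to_jwks(SAMPLE_PEM), indent=2))
```
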
