CKeditor CKfinder 安全配置记录

时常会用到编辑器,CK的安全漏洞还是需要及时补上的,当然首先要把所有的不必要文件全部删除,比如html,txt,php等等。

一、CKeditor 过滤不安全的HTML标签

      //编码
      public static string EncodeStr(string str)
      {
         //将输入字符串编码,策略:" 默认禁止,显式允许”
         str = Regex.Replace(str, @"<html[^>]*?>.*?</html>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<html[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<body[^>]*?>.*?</body>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<body[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<meta[^>]*?>.*?</meta>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<meta[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<frame[^>]*?>.*?</frame>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<frame[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<frameset[^>]*?>.*?</frameset>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<frameset[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<iframe[^>]*?>.*?</iframe>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<iframe[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<layer[^>]*?>.*?</layer>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<layer[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<ilayer[^>]*?>.*?</ilayer>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<ilayer[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<applet[^>]*?>.*?</applet>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<applet[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<script[^>]*?>.*?</script>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<script[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         
         //flash
         str = Regex.Replace(str, @"<embed[^>]*?>.*?</embed>", "",
        RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<embed[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<object[^>]*?>.*?</object>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<object[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         //link style
         str = Regex.Replace(str, @"<link[^>]*?>.*?</link>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<link[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<style[^>]*?>.*?</style>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<style[^>]*?/>", "",
         RegexOptions.IgnoreCase);

         //img
         str = Regex.Replace(str, @"<img[^>]*?>.*?</img>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<img[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         //hyperLink
         str = Regex.Replace(str, @"<a[^>]*?>.*?</a>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<a[^>]*?/>", "",
         RegexOptions.IgnoreCase);

         str = Regex.Replace(str, @"<form[^>]*?>.*?</form>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<form[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<input[^>]*?>.*?</input>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<input[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<textarea[^>]*?>.*?</textarea>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<textarea[^>]*?/>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<select[^>]*?>.*?</select>", "",
         RegexOptions.IgnoreCase);
         str = Regex.Replace(str, @"<select[^>]*?/>", "",
         RegexOptions.IgnoreCase);

         return HttpUtility.HtmlEncode(str);
      }

      //解码
      public static string DecodeStr(string encodeStr)
      {
         return HttpUtility.HtmlDecode(encodeStr);
      }

二、CKfinder 上传权限

   在 config.ascx 文件的 CheckAuthentication 方法中判断上传权限。下面示例里的 return true 只是占位,上线前必须换成真实的登录/权限检查,否则任何访客都可以使用上传功能。

/// <summary>
/// CKFinder's hook for deciding whether the current request may use the upload
/// feature (the base class is not shown here). The body below is a placeholder.
/// </summary>
/// <returns>true to allow the request, false to reject it.</returns>
public override bool CheckAuthentication()
{
    // Permission-check code goes here.
    // SECURITY: as written this returns true for every request, so any anonymous
    // visitor can use the upload feature. Before deploying, replace it with a
    // check of the application's own logged-in state (for example
    // HttpContext.Current.User.Identity.IsAuthenticated, or whatever session
    // flag the site uses for login) and return false when that check fails.
    return true;
}

三、上传文件自动重命名
需要修改CKfinder源码
1.打开/Settings/ConfigFile.cs文件,添加一个属性:public bool RandomReName;


2.打开/Connector/Config.cs文件,添加一个属性:
  public bool RandomReName
  {
    get { return Settings.ConfigFile.Current.RandomReName; }
  }


3.打开/Connector/CommandHandlers/FileUploadCommandHandler.cs文件
在获取文件后缀名后面,增加修改文件名的代码
// Extension of the client-supplied file name without the leading dot
// (Path.GetExtension returns "" when the name contains no dot at all).
string sExtension = System.IO.Path.GetExtension(sFileName).TrimStart('.');
if (Config.Current.RandomReName)
{
   // Only the base name is replaced by a fresh GUID; the extension still comes
   // from the uploaded name, so the connector's extension allow-list check
   // (not shown here) must keep running regardless of this rename.
   sFileName = string.Concat(Guid.NewGuid().ToString(), ".", sExtension);
}
这里使用了GUID作为新的上传文件名(扩展名仍然取自用户上传的原文件名,因此扩展名白名单检查不能省略),重新编译DLL供项目引用

四、上传文件大小限制
要在config.ascx里加上限制 type.MaxSize = 307200;

这个参数容易引起误会,并不是对上传前原文件的尺寸限制,而是经CKfinder上传压缩后的尺寸限制,这里我限制了300K大小(307200 = 300 × 1024 字节)

五、上传图片对话框的功能隐藏,上传Flash以此类推
在CKeditor/plugins/image/dialogs/image.js 里修改相应的代码

1.隐藏浏览服务器按钮
查找关键字 {type:"button",id:"browse" 修改属性: style:"display:none;"

2.隐藏 超链接 选项卡
查找关键字 {id:"Link",  修改属性:hidden:1

3.隐藏 高级 选项卡
查找关键字 {id:"advanced" ,增加属性:hidden:1

posted on 2013-03-31 23:44  lmx22  阅读(634)  评论(0)
