tags:

views:

135

answers:

2

I have used tinybrowser with tiny mce as a plugin (My panel is php based). When uploading, there is link like this:

www.****.com/dashboard/tiny_mce/plugins/tinybrowser/tinybrowser.php?type=image

This link can open in all browser without permission. What is the solution in this case? Could I use my admin panel's session control in tinyMce plugins?? Thanks in advance

A: 

I'll take advantage of the panel session in order to not allow users to get there without authorization. I guess you already have some scripts tha control that, so it'd be as easy as include them where you want to secure your app.

Cristian
A: 

I have solved this:

in config_tinybrowser.php you have to uncomment and configure this lines:

if(isset($_GET['sessidpass'])) session_id($_GET['sessidpass']); // workaround for Flash session bug
session_start();
$tinybrowser['sessioncheck'] = 'good-user'; //name of session variable to check