I have a form with a CkEditor WYSIYWG textarea input.
To enable file upload, I uploaded a CkEditor extension to my site’s public folder. In that folder is a file ‘index.html’ which is used for handling the file upload.
The only problem now is, that everybody can access this ‘index.html’ and upload or delete files to my site.
That’s why this extensions has also a file ‘security.php’ with a function checkAccess(). My question is, how can I make this file part of my application so that I can use ‘!Yii::app()->user->isGuest’ in the checkAccess() function?
But the file isn’t part of CkEditor itself, it’s like an extension.
My question is actually, how can I access ‘Yii::app()’ from a file that is not part of the framework? For example I could include ‘index.php’ of the yii application but that doesn’t work because it will load whole the site.