[Original] Fixing the "Uncaught SecurityError: Blocked a frame with origin" error in the UEditor image upload dialog of Ant CMS (蚂蚁CMS)

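In a recent customization project built on Ant CMS, a strange problem appeared: on some computers the UEditor image upload dialog on the publish page displayed its buttons and the upload button normally, but in the browsers on other computers the dialog did not display and reported:

"Uncaught SecurityError: Blocked a frame with origin" error

Cause analysis:

Judging from the symptom, I first assumed it was a cross-origin access permission problem. I changed the cross-domain security settings in IE and Firefox, but that did not solve the problem.

Next I suspected UEditor itself, so I went to the official site to look for information and found that the Ant CMS version in use is old and the UEditor it ships is old as well. I replaced it with the new version of UEditor, and it still did not work.

So I started setting breakpoints, and found that at the breakpoint in UEditor's internal.js, window.frameElement was null. The code is as follows: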

dialog = parent.$EDITORUI[window.frameElement.id.replace( /_iframe$/, '' )];
// window.frameElement is null here

So I added a null check:

		if(window.frameElement)
		{
			//alert(window.frameElement.id);
			dialog = parent.$EDITORUI[window.frameElement.id.replace( /_iframe$/, '' )];
		}else{
			dialog = parent.$EDITORUI[parent.document.activeElement.id.replace( /_iframe$/, '' )];
		}

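In the browser on my computer, Firebug breakpoints could read the contents of window.parent, but on the client's machine window.parent could not be read.

What was the problem? I searched for "window.parent 获取不到" (cannot get window.parent) and found a thread on CSDN:

http://bbs.csdn.net/topics/220072908

"The JS in an iframe page needs to access window.parent.document. It runs fine locally. After uploading to the server, window.parent.document cannot be accessed, and there is no error message at all. Please help."

The replies in that thread gave me the hint:

"This depends on whether parent and self are under the same domain name."

"JavaScript DOM objects are subject to access control, especially cross-frame access such as parent and self, or opener and self. Check whether the domain of your window.parent.document is the same as your own domain. You can explicitly use
<script>document.domain="your-domain";</script> to set the domain of the parent and child windows."

I suspected the problem lay in the domain of the iframe's src URL, and found that the iframe's src directly referenced the following address:

"?mod=zhengwu&file=zhengwu&action=add"

Where does this link come from? It has no domain? Yet the image upload dialog in the editor also uses an iframe, and its src is a complete URL with a domain, as follows:

"http://www.yuanmax.com/ueditor/dialogs/image/image.html"

Could it be that the domain of the image upload dialog's iframe does not match the domain of the parent page?

I then went on to inspect the frame structure of the whole page. The overall page structure is as follows:

It appears the src of iframe-wrap is the problem. The src address is "?mod=zhengwu&file=zhengwu&action=add"

So where does the src address of iframe-wrap come from? Clicking "发布信息" (Publish Info) on the left displays the page in "iframe-wrap" on the right. The code is as follows:

<a href="?mod=zhengwu&file=zhengwu&action=add" target="iframe-wrap">发布信息</a>

Good, the source is found, so now to solve the problem.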

Solution:

1. First, how is the left-hand menu of the admin backend generated? I located the backend admin file in the root directory: admin.php

		if($mod!='index')
		{
			// Load the module record by its folder name
			$modinfo=$moduleobj->get($mod,'folder');
			$adminrole=explode(',',$modinfo['adminrole']);
			
			// Send the top window back to the admin entry page when the role may not use this module
			if($action!='main' && (!$modinfo || (!in_array($_roleid,$adminrole) && !in_array($_userid,$admin_founders))))
			{
				exit('<script language="javascript">{self.top.location.href="'.ADMIN_FILE.'";}</script>');
			}

			// Same check per menu action
			$adminmenurole=string2array($modinfo['adminmenu']);
			if($adminmenurole && isset($adminmenurole[$action]) && $action)
			{
				$adminmenurole=explode(',',$adminmenurole[$action]['role']);
				if($action!='main' && (!in_array($_roleid,$adminmenurole) && !in_array($_userid,$admin_founders)))
				{
					exit('<script language="javascript">{self.top.location.href="'.ADMIN_FILE.'";}</script>');
				}
			}

			if(in_array($action,array('type','type_add','role','config','grade')) && $_SESSION['mysiteid'] && $_sid)
			{
				exit('非法请求!IP:'.IP."已记录!");
			}

			// System modules load from admin/, other modules from their own folder
			if($modinfo['issystem'] && !in_array($mod,array('member')))
			{
				include SYSTEM_ROOT.'admin/'.$file.'.inc.php';
			}
			else
			{
				include SYSTEM_ROOT.$modinfo['folder'].'/admin/load.inc.php';
			}

The call

$modinfo=$moduleobj->get($mod,'folder');
fetches the module's information from the module class file, based on the module id value $mod. Path of the module class file: include\module.class.php
	function get($id,$byfield='id')
	{
		return $this->db->fetch_one("SELECT * FROM `$this->table` WHERE `$this->table`.`$byfield`='".stripslashes($id)."'");
	}

2. It calls include SYSTEM_ROOT.$modinfo['folder'].'/admin/load.inc.php'; which is the module's load file and loads the template.

3. The template calls the adminmenu() function in include\module.class.php:

	function usermodule()
	{
		return $this->db->fetch_all("SELECT * FROM `$this->table` WHERE `$this->table`.`issystem`=0 AND `$this->table`.`status`=1 ORDER BY `$this->table`.`orderby` ASC,`$this->table`.`id` DESC");
	}

	function adminmenu($moduleid)
	{
		global $_userid,$_roleid,$admin_founders,$_sid;
		$menu='';
		$modinfo=$this->get(intval($moduleid));
		$r=string2array($modinfo['adminmenu']);
		foreach($r as $key => $_r)
		{
			$adminrole=explode(',',$_r['role']);
			if(!SITETYPE || ($key!='type' && $key!='type_add' && $key!='role' && $key!='config' && $key!='grade') || !$_sid)
			{
				if((in_array($_roleid,$adminrole) || in_array($_userid,$admin_founders)) && trim($_r['name']))
				{
					$menu.='<ul><li><a href="?mod='.$modinfo['folder'].'&file='.$modinfo['folder'].'&action='.$key.'" target="iframe-wrap">'.$_r['name'].'</a></li></ul>';
				}
			}
		}

		return $menu;
	}

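4. Good, the problem is found: the link here needs the site domain from $LA['siteurl'] prepended. I modified the code, adding a reference to $LA, and that solved it: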

	function usermodule()
	{
		return $this->db->fetch_all("SELECT * FROM `$this->table` WHERE `$this->table`.`issystem`=0 AND `$this->table`.`status`=1 ORDER BY `$this->table`.`orderby` ASC,`$this->table`.`id` DESC");
	}

	function adminmenu($moduleid)
	{
		global $_userid,$LA,$_roleid,$admin_founders,$_sid;
		$menu='';
		$modinfo=$this->get(intval($moduleid));
		$r=string2array($modinfo['adminmenu']);
		foreach($r as $key => $_r)
		{
			$adminrole=explode(',',$_r['role']);
			if(!SITETYPE || ($key!='type' && $key!='type_add' && $key!='role' && $key!='config' && $key!='grade') || !$_sid)
			{
				if((in_array($_roleid,$adminrole) || in_array($_userid,$admin_founders)) && trim($_r['name']))
				{
					$menu.='<ul><li><a href="'.$LA['siteurl'].'?mod='.$modinfo['folder'].'&file='.$modinfo['folder'].'&action='.$key.'" target="iframe-wrap">'.$_r['name'].'</a></li></ul>';
				}
			}
		}

		return $menu;
	}
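
The origin mismatch traced above can be reproduced outside the browser. The following is an added example, not code from Ant CMS or UEditor: it resolves the menu href against the address the admin page was opened at and compares that origin with the dialog iframe's origin. The admin addresses and the value of $LA['siteurl'] are assumptions; the relative href and the dialog URL are the ones quoted in this post.

```javascript
// Added example: predicts whether the UEditor dialog iframe can reach its parent frame.

// Origin = scheme + host + port; URL.origin normalizes default ports.
function originOf(url, base) {
  return new URL(url, base).origin;
}

// adminUrl:  address the admin page (top window) was opened at
// menuHref:  href of the menu link whose target is "iframe-wrap"
// dialogUrl: URL UEditor uses for the image dialog iframe
function checkFrames(adminUrl, menuHref, dialogUrl) {
  // A relative href is resolved against the document that contains the link,
  // so "?mod=..." inherits whatever host the admin page was opened on.
  const wrapUrl = new URL(menuHref, adminUrl).href;
  const wrapOrigin = originOf(wrapUrl);
  const dialogOrigin = originOf(dialogUrl, wrapUrl);
  return {
    wrapUrl,
    wrapOrigin,
    dialogOrigin,
    // When the origins differ, window.frameElement is null inside the dialog
    // and reading parent.$EDITORUI raises "Blocked a frame with origin ...".
    dialogCanReachParent: wrapOrigin === dialogOrigin,
  };
}

const DIALOG = "http://www.yuanmax.com/ueditor/dialogs/image/image.html";
const REL = "?mod=zhengwu&file=zhengwu&action=add";
const SITEURL = "http://www.yuanmax.com/"; // assumed value of $LA['siteurl']

// Assumed visit without "www": the relative link keeps the bare host.
const before = checkFrames("http://yuanmax.com/admin.php", REL, DIALOG);
// Same visit after the fix: the link is prefixed with siteurl.
const after = checkFrames("http://yuanmax.com/admin.php", SITEURL + REL, DIALOG);
// Assumed visit with "www": the relative link already matches the dialog.
const sameHost = checkFrames("http://www.yuanmax.com/admin.php", REL, DIALOG);

console.log(before, after, sameHost);
```
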