Re: Inline extraction and exhibition of large objects


 



I'll bite. First of all, if Netscape / Opera browsers are running, you can be guaranteed that it is a problem with IE, especially since you just SP'd it. The URL for the fix you described is located at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-047.asp , which if you read - describes that it had a buffer-run in an Active-X component used to launch certain types. I'm not 100% sure, but it does make mention of:

The patch eliminates the vulnerability by setting the "kill bit" on the affected ActiveX control. This action, which is discussed in more detail in Microsoft Knowledge Base Article Q240797 <http://support.microsoft.com/default.aspx?scid=kb;EN-US;q240797>, has the effect of preventing a particular ActiveX control from ever being executed within Internet Explorer, regardless of the security settings on the system.

If I were looking into the problem, I'd take a look to make sure the patch didn't wipe out my mime settings for the formats you described, .pdf, .xls, etc. If you're not sure, simply point your browser with an absolute path to a file http://www.yourserver.com/yourfile.pdf and see if it opens properly. It might require that you re-image your machine, and test the patch before you apply it. You should slap your sys-admin's knuckles for releasing a patch without testing it fully first :)

Having said that, this is a PHP list and that's waaaay too much Windows talk :)

HTH
~Steve


Ellis Robin (Bundaberg) wrote:


We have an internal document storage system that was developed over 6 months ago that uses PHP (4.2.0) on a Unix server with Apache to access a PostgreSQL database, with IE5.5 as the designated user browser. The system is used to store documents like .jpg, .doc, .html, .pdf, .xls etc, allowing users to search for relevant documents, downloading/viewing those documents they are interested in. This system has worked with no problems until 6-7 weeks ago when our administrators applied the Microsoft security patch Q323759 (MS02-047). Now IE5.5 and IE6 are unable to retrieve any documents that require another program to be opened for viewing, like PDFs and Word documents. On trying to access these documents the user is prompted to either Open or Save the document (an unwanted process, we want to just open every time where possible). Regardless of the option then chosen the following error is given:

Internet Explorer cannot download 'filename' from 'server'.
Internet Explorer was not able to open this Internet site. The required site is either unavailable or cannot be found. Please try again later.

Please note that the 'filename' is being exhibited as the address to the page executing the download code (show_ind_doc.php?theid=185), and 'server' is the appropriate server name.

Images like GIFs and JPEGs, and HTML documents still open OK as they are 'viewable' within IE, it's just those that require another program that don't work. This code still works in other browsers, like Netscape and Opera. The code is below, any assistance with configuring the 'header' sections would be appreciated, the other user contributed notes on the header section of php.net have not been able to help me at this time.

<?php

function do_con() {

global $connection;

$host = "server";
$user = "username";
$pass = "password";
$db = "sedocs";
$port = "5432";

$connection = pg_connect ("host=$host port=$port user=$user dbname=$db");

if (!$connection)
{
	die("Could not open connection to database server");
}

}

do_con();

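// Cast to an integer so the request parameter cannot change the SQL statement
$id = (int) $HTTP_GET_VARS["theid"];

$result = pg_Exec($connection, "select * from sedocs where id = ".$id);

// Stop if the query failed or matched no row, before fetching row 0
$num_rows = $result ? pg_num_rows($result) : 0;
if ($num_rows == 0)
{
	die("Document not found");
}

$row = pg_fetch_row($result, 0);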

$id = $row[3];
$length = $row[6];
$filename = $row[7];
$doctype = $row[5];

header('Content-Type: '.$doctype);
header('Content-Length: '.$length);
header('Content-Disposition: inline; filename="'.$filename.'"');

pg_exec ($connection, "begin");

$handle=pg_lo_open($connection, $id,"r");
$buffer=pg_lo_read($handle, $length );

pg_lo_close($handle);
pg_exec ($connection, "end");
pg_close();


echo($buffer); ?>

Thanks very much

Rob


Robin Ellis Information & Knowledge Department of Natural Resources and Mines PO Box 1167 Bundaberg QLD 4670 ph +61 7 4131 5771 fax +61 7 4131 5823 Robin.Ellis@nrm.qld.gov.au
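
A hardened variant of the download script in the message above, as an added example that is not part of the original thread and does not address the Internet Explorer error it discusses. It binds the document id as a query parameter, cleans the stored filename and content type before they reach the response headers, and streams the large object in chunks. It keeps the script's column positions and connection values and assumes PHP 5.4 or later; the MIME allowlist, the fallback name "document" and the helper names safe_filename and safe_content_type are assumptions.

```php
<?php
// Added example: hardened variant of the download script quoted above.
// Column positions (3, 5, 6, 7) follow that script; the allowlist is an assumption.
// text/html is left out: stored HTML rendered inline would run in this site's origin.
$ALLOWED_TYPES = array('application/pdf', 'application/msword',
    'application/vnd.ms-excel', 'image/jpeg', 'image/gif');

// Drop any path, control characters and quotes so the stored name cannot
// leave the quoted filename parameter or start a new header line.
function safe_filename($name) {
    $name = basename(str_replace('\\', '/', $name));
    $name = preg_replace('/[\x00-\x1F\x7F"]/', '', $name);
    return $name === '' ? 'document' : $name;
}

// Send a stored Content-Type only if it is on the allowlist.
function safe_content_type($type, $allowed) {
    $type = strtolower(trim($type));
    return in_array($type, $allowed, true) ? $type : 'application/octet-stream';
}

$id = filter_input(INPUT_GET, 'theid', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400); exit('Bad document id');
}
$conn = pg_connect('host=server port=5432 dbname=sedocs user=username');
if (!$conn) { http_response_code(500); exit('Database unavailable'); }

// The id travels as a bound parameter, never as part of the SQL text.
$result = pg_query_params($conn, 'select * from sedocs where id = $1', array($id));
if (!$result || pg_num_rows($result) !== 1) {
    http_response_code(404); exit('No such document');
}
$row = pg_fetch_row($result, 0);

// Large-object calls need a transaction; open the object before any header is sent.
pg_query($conn, 'begin');
$handle = pg_lo_open($conn, (int) $row[3], 'r');
if (!$handle) { http_response_code(500); exit('Could not open document'); }

header('Content-Type: ' . safe_content_type($row[5], $ALLOWED_TYPES));
header('Content-Length: ' . (int) $row[6]);
header('Content-Disposition: inline; filename="' . safe_filename($row[7]) . '"');
while (($chunk = pg_lo_read($handle, 8192)) !== false && $chunk !== '') {
    echo $chunk;   // stream in 8 KB pieces instead of buffering the whole object
}
pg_lo_close($handle);
pg_query($conn, 'commit');
pg_close($conn);
```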










