RE: Inline extraction and exhibition of large objects

Thanks Steve,
Point taken about the PHP vs Windows mailing list. Having looked through mailing lists and tech docs (obviously unsuccessfully) I figured that the people more likely to have encountered this problem (and hence found a work around) would be those in the PHP/database interface community - I do apologise if this has caused any irritation.

As a bit of further info (although it doesn't really solve the problem) all of these file types are still accessible through an absolute file path, as suggested below, and all MIME settings on the local machine appear to have been unchanged by the patch. The best I've been able to come up with as a solution is to use pg_lo_export to write out the files to a temp directory on the server and then redirect the user there. It's not the most desirable solution and kind of defeats the purpose of a 'document depot', but it appears as though our hands are tied.

Again, thanks for your suggestions

Rob

-----Original Message-----
From: Stephen March [mailto:steve@enerds.ca]
Sent: Tuesday, 22 July 2003 2:10 PM
To: Ellis Robin (Bundaberg)
Cc: php-db@lists.php.net
Subject: Re:  Inline extraction and exhibition of large objects


I'll bite. First of all, if Netscape / Opera browsers are running, 
you can be guaranteed that it is a problem with IE, especially since you 
just SP'd it. The URL for the fix you described is located at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-047.asp  
, which if you read - describes that it had a buffer-run in an Active-X 
component used to launch certain types.    I'm not 100%  sure, but it 
does make mention of:

The patch eliminates the vulnerability by setting the "kill bit" on the 
affected ActiveX control. This action, which is discussed in more detail 
in Microsoft Knowledge Base Article Q240797 
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;q240797>, has 
the effect of preventing a particular ActiveX control from ever being 
executed within Internet Explorer, regardless of the security settings 
on the system.

If I were looking into the problem, I'd take a look to make sure the 
patch didn't wipe out my mime settings for the formats you described, 
.pdf, .xls, etc. If you're not sure, simply point your browser with 
an absolute path to a file http://www.yourserver.com/yourfile.pdf and 
see if it opens properly. It might require that you re-image your 
machine, and test the patch before you apply it. You should slap your 
sys-admins' knuckles for releasing a patch without testing it fully first  :)

Having said that,  this is a PHP list and that's waaaay too much Windows 
talk  :)

HTH
~Steve


Ellis Robin (Bundaberg) wrote:

>We have an internal document storage system that was developed over 6 months ago that uses PHP (4.2.0) on a Unix server with Apache to access a PostgreSQL database, with IE5.5 as the designated user browser. The system is used to store documents like .jpg, .doc, .html, .pdf, .xls etc, allowing users to search for relevant documents, downloading/viewing those documents they are interested in. This system has worked with no problems until 6-7 weeks ago when our administrators applied the Microsoft security patch Q323759 (MS02-047). Now IE5.5 and IE6 are unable to retrieve any documents that require another program to be opened for viewing, like PDFs and Word documents. On trying to access these documents the user is prompted to either Open or Save the document (an unwanted process, we want to just open every time where possible). Regardless of the option then chosen the following error is given:
>
>Internet Explorer cannot download 'filename' from 'server'.
>Internet Explorer was not able to open this Internet site. The required site is either unavailable or cannot be found. Please try again later.
>
>Please note that the 'filename' is being exhibited as the address to the page executing the download code (show_ind_doc.php?theid=185), and 'server' is the appropriate server name.
>
>Images like GIFs and JPEGs, and HTML documents still open OK as they are 'viewable' within IE, it's just those that require another program that don't work. This code still works in other browsers, like Netscape and Opera. The code is below, any assistance with configuring the 'header' sections would be appreciated, the other user contributed notes on the header section of php.net have not been able to help me at this time.
>
><?php
>
>function do_con() {
>
>global $connection; 
>
>$host = "server";
>$user = "username";
>$pass = "password";
>$db = "sedocs";
>$port = "5432";
>
>$connection = pg_connect ("host=$host port=$port user=$user dbname=$db");
>
>if (!$connection)
>{
>	die("Could not open connection to database server");
>}
>
>}
>
>do_con();
>
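>// Cast to integer so the request value cannot change the SQL text below
>$id = (int) $HTTP_GET_VARS["theid"];
>
>$result = pg_Exec($connection, "select * from sedocs where id = ".$id);
>$num_rows = pg_num_rows($result);
>// Stop here when the id matches no document instead of fetching a missing row
>if ($num_rows < 1) { die("No such document"); }
>$row = pg_fetch_row($result, 0);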
>
>$id = $row[3];
>$length = $row[6];
>$filename = $row[7];
>$doctype = $row[5];
>
>header('Content-Type: '.$doctype);
>header('Content-Length: '.$length);
>header('Content-Disposition: inline; filename="'.$filename.'"');
>
>pg_exec ($connection, "begin");
>
>$handle=pg_lo_open($connection, $id,"r");
>$buffer=pg_lo_read($handle, $length );
>
>pg_lo_close($handle);
>pg_exec ($connection, "end");
>pg_close();
>
>
>echo($buffer);
>?>
>
>Thanks very much
>
>Rob
>
>
>Robin Ellis
>Information & Knowledge
>Department of Natural Resources and Mines
>PO Box 1167
>Bundaberg QLD 4670
>ph +61 7 4131 5771
>fax +61 7 4131 5823
>Robin.Ellis@nrm.qld.gov.au
>
>
>
>
>************************************************************************
>The information in this e-mail together with any attachments is
>intended only for the person or entity to which it is addressed
>and may contain confidential and/or privileged material.
>Any form of review, disclosure, modification, distribution
>and/or publication of this e-mail message is prohibited.  
>If you have received this message in error, you are asked to
>inform the sender as quickly as possible and delete this message
>and any copies of this message from your computer and/or your
>computer system network.  
>************************************************************************
>
>
>  
>
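
As an added example (not code from the thread), this sketch shows how a download handler like the one quoted above can bind the id as a query parameter and keep the stored filename and MIME type from breaking the response headers. It uses current PHP rather than 4.2.0; the column names lo_oid, mime_type and file_name and the helper function names are assumptions, and it does not address the Internet Explorer error discussed in the thread.

```php
<?php
// Added example, not the poster's code. Column names (lo_oid, mime_type,
// file_name) and the connection string are assumptions for illustration.

/** Return a positive integer id, or null unless the input is 1-9 digits. */
function parse_doc_id($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return ($id > 0) ? $id : null;
}

/** Drop path parts and any character that could escape the quoted filename. */
function header_safe_filename(string $name): string
{
    $name = basename(str_replace('\\', '/', $name));
    $name = preg_replace('/[^A-Za-z0-9._ -]/', '_', $name);
    return ($name === '') ? 'document' : $name;
}

function send_document($conn, int $id): void
{
    // The id travels as a bound parameter, never as part of the SQL text.
    $res = pg_query_params($conn,
        'SELECT lo_oid, mime_type, file_name FROM sedocs WHERE id = $1', [$id]);
    $row = $res ? pg_fetch_assoc($res) : false;
    if ($row === false) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . preg_replace('#[^A-Za-z0-9.+/-]#', '', $row['mime_type']));
    header('Content-Disposition: inline; filename="'
        . header_safe_filename($row['file_name']) . '"');

    pg_query($conn, 'BEGIN');   // large-object handles are only valid inside a transaction
    $lo = pg_lo_open($conn, (int) $row['lo_oid'], 'r');
    if ($lo !== false) {
        pg_lo_read_all($lo);    // streams to the client instead of buffering the whole object
        pg_lo_close($lo);
    }
    pg_query($conn, 'COMMIT');
}

$id = parse_doc_id($_GET['theid'] ?? null);
$conn = pg_connect('host=server dbname=sedocs user=username');
if ($id === null || $conn === false) { http_response_code(400); exit; }
send_document($conn, $id);
```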


