secure = 1

A place for users and developers of the Xataface to discuss and receive support.


Postby sim » Wed Jan 04, 2012 10:28 am

Hi all,

I need help with securing direct access to the download directory.

The files are stored on the file system, .htaccess has "Deny from all", and everything works as it should, i.e. no one can directly access the download directory and Xataface correctly converts the links to "-action=getBlob".

The problem is that the downloaded file is always corrupt (even when logged in as the root user). The file opens correctly when the secure = 1 directive is commented out, and the problem returns when it is switched on.

Fiddling further reveals that once secure = 1 is switched on, Xataface automatically injects a space/line break at the beginning of the downloaded document, and when an application tries to open the file it sees it as corrupted. Just to be sure, I manually removed the line break from a file downloaded with secure = 1 and the file contents rendered without an issue. Is there a way to avoid this behavior?
Update: PDFs render fine!

Thanks
sim
 
Posts: 12
Joined: Fri Dec 02, 2011 2:35 am

Re: secure = 1

Postby shannah » Thu Jan 05, 2012 6:23 am

Hmm.. This is strange. It is possible that some extra whitespace at the end of a delegate class could be finding its way in there.
Verify that any PHP scripts included don't have any whitespace before the <? and after the ?> tags. Best practice is just to omit the closing ?> (PHP automatically assumes it is at the end of the script in this case).

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: secure = 1

Postby sim » Thu Jan 05, 2012 12:03 pm

Thanks Steve. I removed the trailing ?> but the problem persists. It only occurs with .doc, .docx, .xsl etc. formats. Unsure why this behavior occurs. Currently using .htaccess and other means to partially thwart direct access.
sim
 
Posts: 12
Joined: Fri Dec 02, 2011 2:35 am

Re: secure = 1

Postby shannah » Mon Jan 09, 2012 12:42 pm

Are you storing the mimetype of the file in a separate field? It would be interesting to look at the raw HTTP response from the web server for these things to see if and where it is adding a new line to the response.
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: secure = 1

Postby sim » Tue Jan 10, 2012 3:54 am

Thanks Steve,

The only difference between the raw outputs is the binary type and the Content-Length header. Also, I am not using mimetype etc. Here is how fields.ini looks:
#########################################################
[xxxxxx]
widget:label = "App"
validators:required = 1
order=42
group=mandatory
widget:type = file
allowed_extensions = doc,docx,rtf
Type=container
savepath=tables/files
visibility:list=hidden
secure = 1
visibility:find=hidden

####################################
SECURE = 1
####################################

<request>
GET /xxx/index.php?-action=getBlob&-table=xxx&-field=xxx&-index=0&id=145 HTTP/1.1
Host: xxx
User-Agent: Mozilla/5.0 (Ubuntu; X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer: http://xxx/index.php?-table=xxx&-action ... 3Fid%3D145
Cookie: 84ed7f5888ea7637e37fe7edb158c05b=uoij0nvedg7kug5pvdago6thh3; dataface__lang=en; PHPSESSID=bii5d02vrhliajq3qiu8asobn5

<response>
HTTP/1.1 200 OK
Date: Tue, 10 Jan 2012 09:54:50 GMT
Server: Apache/2.2.17 (Ubuntu) PHP/5.3.5-1ubuntu7.3 with Suhosin-Patch
X-Powered-By: PHP/5.3.5-1ubuntu7.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: PHPSESSID=bii5d02vrhliajq3qiu8asobn5; expires=Wed, 11-Jan-2012 09:54:50 GMT; path=/
Content-disposition: attachment; filename="xxx.doc"
Content-Type: application/vnd.ms-excel; charset=binary
Content-Length: 399873

[binary .doc body omitted]

READABLE TEXT STARTS

####################
SECURE = 0
####################

<Request>
GET /xxx/tables/xxx/xxx/xxx.doc HTTP/1.1
Host: xxx
User-Agent: Mozilla/5.0 (Ubuntu; X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer: http://xxx/index.php?-table=xxx&-action ... 3Fid%3D145
Cookie: 84ed7f5888ea7637e37fe7edb158c05b=uoij0nvedg7kug5pvdago6thh3; dataface__lang=en; PHPSESSID=bii5d02vrhliajq3qiu8asobn5

<Response>
HTTP/1.1 200 OK
Date: Tue, 10 Jan 2012 09:58:55 GMT
Server: Apache/2.2.17 (Ubuntu) PHP/5.3.5-1ubuntu7.3 with Suhosin-Patch
Last-Modified: Tue, 10 Jan 2012 08:07:25 GMT
ETag: "d60056-61a00-4b62801682764"
Accept-Ranges: bytes
Content-Length: 399872
Content-Type: application/msword

[binary .doc body omitted]

##############################
READABLE TEXT STARTS
##############################

I can, however, confirm that secure=1 works as it should, as I have tested it in another test environment, which leads me to the conclusion that the issue is local. I will figure this out and share with all.

Thanks again
sim
 
Posts: 12
Joined: Fri Dec 02, 2011 2:35 am
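The comparison Steve asked for can be automated. The following is an added Python example for this thread, not Xataface code: it parses a captured response, finds where the real file starts by its container signature (a .doc is an OLE2 compound document, which begins with the bytes D0 CF 11 E0 A1 B1 1A E1; .docx/.xlsx are ZIP containers and PDFs start with %PDF-), and reports any bytes emitted before that point, whether Content-Length matches the body, and whether Content-Type agrees with the filename extension. The two captures above already show the tell-tale off-by-one, 399873 bytes through getBlob against 399872 for the direct download, consistent with the single injected line break reported earlier in the thread; they also show application/vnd.ms-excel for a .doc, which the check flags as a type mismatch without the thread establishing why it is set that way. The two responses in the block are constructed to match the shape of those captures (headers trimmed, short stand-in for the .doc body); anything beyond the headers shown above is an assumption.

```python
"""Diagnose a captured HTTP file download: does the body start where the
file's magic number says it should, does Content-Length match the body,
and does Content-Type agree with the filename?  Added example for the
thread; constructed responses, not Xataface code."""
import re

# Well-known container signatures for the formats discussed in the thread.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # .doc / .xls / .ppt
ZIP_MAGIC = b"PK\x03\x04"                        # .docx / .xlsx / .pptx
PDF_MAGIC = b"%PDF-"
MAGIC_BY_EXT = {"doc": OLE2_MAGIC, "xls": OLE2_MAGIC, "docx": ZIP_MAGIC,
                "xlsx": ZIP_MAGIC, "pdf": PDF_MAGIC}
MIME_BY_EXT = {"doc": "application/msword", "xls": "application/vnd.ms-excel",
               "docx": "application/vnd.openxmlformats-officedocument"
                       ".wordprocessingml.document",
               "pdf": "application/pdf"}

# Constructed stand-in for the file on disk (real .doc files are far larger).
FILE_BYTES = OLE2_MAGIC + bytes(24) + b"constructed stand-in for a Word document body"


def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response (CRLF line endings) into status, headers, body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end-of-headers marker")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].decode("latin-1"), headers, body


def diagnose(raw: bytes, filename: str = None) -> dict:
    """Report injected leading bytes and length/type mismatches for one response.

    filename: expected file name; taken from Content-Disposition when not given
    (a direct download has no such header, so pass the name from the URL).
    """
    status, headers, body = parse_response(raw)
    if filename is None:
        m = re.search(r'filename="?([^";]+)"?', headers.get("content-disposition", ""))
        filename = m.group(1) if m else ""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magic = MAGIC_BY_EXT.get(ext)
    # Offset of the real file inside the body: 0 is correct, >0 means bytes
    # were emitted before it, -1 means the signature was not found at all.
    offset = body.find(magic) if magic else -1
    declared = headers.get("content-length")
    ctype = headers.get("content-type", "").split(";")[0].strip()
    return {
        "status": status,
        "filename": filename,
        "declared_length": int(declared) if declared is not None else None,
        "actual_length": len(body),
        "magic_offset": offset,
        "injected": body[:offset] if offset > 0 else b"",
        "content_type": ctype,
        "type_matches_ext": MIME_BY_EXT.get(ext) == ctype,
    }


def build_sample(secure: bool) -> bytes:
    """Constructed responses shaped like the thread's two captures (headers trimmed)."""
    if secure:
        # getBlob path: one stray newline reaches the client before the file.
        body = b"\n" + FILE_BYTES
        headers = [b"HTTP/1.1 200 OK",
                   b'Content-disposition: attachment; filename="xxx.doc"',
                   b"Content-Type: application/vnd.ms-excel; charset=binary",
                   b"Content-Length: %d" % len(body)]
    else:
        # Direct download served by Apache: the file as-is.
        body = FILE_BYTES
        headers = [b"HTTP/1.1 200 OK",
                   b"Content-Type: application/msword",
                   b"Content-Length: %d" % len(body)]
    return b"\r\n".join(headers) + b"\r\n\r\n" + body


if __name__ == "__main__":
    for label, raw, name in (("secure=1", build_sample(True), None),
                             ("secure=0", build_sample(False), "xxx.doc")):
        print(label, diagnose(raw, name))
```

Feed it the raw bytes of a real capture (saved from a proxy or `curl --raw`) in place of build_sample(); "magic_offset" of 1 with "injected" equal to b"\n" is the signature of the problem in this thread, and a non-zero offset with a text-like prefix usually points straight at the script emitting it.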

Re: secure = 1

Postby shannah » Tue Jan 10, 2012 11:49 am

What version of Xataface are you using? The headers seem to be coming in a different order than the code suggests. The Content-Disposition header is the last one that is output in the code that I'm looking at here.

However I can't be sure that PHP doesn't rearrange the headers itself.
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: secure = 1

Postby sim » Tue Jan 10, 2012 11:31 pm

Thanks, I'll dig deeper and share the findings.
sim
 
Posts: 12
Joined: Fri Dec 02, 2011 2:35 am

Re: secure = 1

Postby simbioc » Fri Mar 16, 2012 3:10 am

The following solved the issue:

Added
ob_clean()
at approximately line 139 in blob.php, i.e.
xataface/Dataface/Application/blob.php
just after these two lines:

header('Content-type: '.$rec->getMimetype($fieldname));
header('Content-disposition: attachment; filename="'.basename($rec->val($fieldname)).'"');
ob_clean(); // discard anything already sitting in the output buffer before the file body is sent

and now doc, docx etc. all render as they should.
I have not, however, been able to find an answer to why it worked with secure = 0.

Thank you all
simbioc
 
Posts: 4
Joined: Fri Mar 16, 2012 3:03 am

Re: secure = 1

Postby shannah » Fri Mar 16, 2012 9:40 am

Do you make any calls to ob_start() in your application (e.g. in your index.php file?)
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: secure = 1

Postby simbioc » Fri Mar 16, 2012 6:23 pm

No Steve,

BTW, version 2 is long awaited and I am really hoping it includes dynamic uploads.
Thanks for all your hard work
simbioc
 
Posts: 4
Joined: Fri Mar 16, 2012 3:03 am

Re: secure = 1

Postby shannah » Fri Mar 16, 2012 8:22 pm

My guess is that you must have some white space in one of your delegate classes (after a closing ?> tag or before a <?php tag). You should try to hunt down this problem as it could cause problems elsewhere also.

As for version 2, it is still under active development. Some things are being worked out. The ajax upload widget is complete (though it requires 2.0 to work).
http://xataface.com/dox/modules/ajax_upload/latest/

Still don't have an exact release date for 2.0. There are a number of things that are still being finalized.
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm
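Steve's diagnosis in this post and in his first reply (bytes outside the PHP tags of a delegate class or other included script leaking into the download) can be checked mechanically rather than by eye. The following is an added Python example, not Xataface's own code: it walks a tree of .php files and reports any bytes before the first opening tag or after the last closing tag, allowing for the fact that PHP swallows exactly one newline (LF or CRLF) placed directly after ?>. It goes slightly beyond the whitespace Steve mentions by also catching a UTF-8 byte-order mark before <?php, which leaks the same way. The sample delegate files it writes to a temporary directory are constructed for the demonstration, and the directory names are assumptions.

```python
"""Find PHP files that would emit bytes outside their <?php ... ?> tags,
i.e. the whitespace/BOM leak that corrupts binary downloads.  Added example
for this thread; the sample files are constructed, not Xataface code."""
import os
import re
import tempfile

OPEN_TAG = re.compile(rb"<\?(php\b|=)?", re.IGNORECASE)   # <?php, <?=, or short <?
BOM = b"\xef\xbb\xbf"                                      # UTF-8 byte-order mark


def leaked_bytes(src: bytes) -> dict:
    """Return the bytes before the first open tag and after the last close tag."""
    m = OPEN_TAG.search(src)
    if m is None:
        # No PHP tag at all: PHP sends the whole file as literal output.
        return {"leading": src, "trailing": b""}
    leading = src[:m.start()]
    # PHP discards a single newline immediately after '?>'; anything else
    # after the final closing tag is sent to the client verbatim.
    # (A '?>' inside a string literal after the real closing tag would fool
    # this rfind; acceptable for an audit, just inspect those hits by hand.)
    end = src.rfind(b"?>")
    trailing = b""
    if end != -1:
        tail = src[end + 2:]
        if tail.startswith(b"\r\n"):
            tail = tail[2:]
        elif tail.startswith(b"\n"):
            tail = tail[1:]
        trailing = tail
    return {"leading": leading, "trailing": trailing}


def scan_tree(root: str) -> dict:
    """Map each leaking .php file under root (relative path) to what it leaks."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                leak = leaked_bytes(fh.read())
            if leak["leading"] or leak["trailing"]:
                findings[os.path.relpath(path, root)] = leak
    return findings


def build_sample_tree() -> str:
    """Write constructed delegate classes (assumed names) into a temp dir."""
    root = tempfile.mkdtemp(prefix="xf_delegates_")
    samples = {
        # Clean: no closing tag at all, as recommended in the thread.
        "tables/clean/clean.php": b"<?php\nclass tables_clean {}\n",
        # Closing tag followed by exactly one newline: PHP swallows it.
        "tables/ok/ok.php": b"<?php\nclass tables_ok {}\n?>\n",
        # Closing tag followed by a blank line: one '\n' leaks into output.
        "tables/bad/bad.php": b"<?php\nclass tables_bad {}\n?>\n\n",
        # UTF-8 BOM before the opening tag: three bytes leak.
        "tables/bom/bom.php": BOM + b"<?php\nclass tables_bom {}\n",
        # Non-PHP file: ignored by the scan.
        "README.txt": b"not php\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel, leak in sorted(scan_tree(build_sample_tree()).items()):
        print(f"{rel}: leading={leak['leading']!r} trailing={leak['trailing']!r}")
```

Point scan_tree() at the application's tables/ directory and any other scripts it includes. The ob_clean() workaround earlier in the thread hides the symptom rather than the cause, and that it worked at all implies an output buffer was active (php.ini output_buffering, given that no ob_start() call was found); without one the stray byte would have been sent immediately and the later header() calls would have failed with a "headers already sent" warning, which is the other way this defect usually shows up.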


Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved