Classic ASP: replacing a string - vbscript

The following code:
Dim url
url = fso.GetAbsolutePathName(objFile)
gives me
C:\KB\Dev\Java.htm
Then, when I write it as an href:
Response.Write("<a href='" + url + "'>" + objFile.Name + "</a><br>")
the link is translated in browser into:
file:///C:/KB/Dev/Java/Java.htm
whereas I will need it to be
file://172.20.4.107/c$/KB/Dev/Java/Java.htm
or else, the link won't be valid for navigation.
I was trying:
url = Replace(url, "///", "//172.20.4.107/")
url = Replace(url, "c:", "c$")
Response.Write(url & "<br>")
but nothing seems to be changed.

What #Keith suggested is absolutely fine but you will encounter issue with various degrees in most modern browsers due to hyper linking from local file links being blocked as they're a security risk.
A more robust solution is to not use local file links and negate the risk completely. If you have access to IIS (If you are using Classic ASP you likely have access to IIS in some form) you can do this by creating a Virtual Directory that points to your remote computer share and lock down the permissions as you see fit.
Say you set-up a Virtual Directory to point to alias KB you could then access it;
http://yourhost/KB/dev/java.htm
If the Virtual Directory was mapped to
\\172.20.4.107\c$\KB\
However we can take it a stage further, Admin Shares such as c$ are not configurable and there for the system to use. To have better control over the mapped directory create a share KB for example on the remote computer and set the NTFS permissions as appropriate then point the Virtual Directory to;
\\172.20.4.107\KB\
You can also call the share KB$ to hide the share from network browsers.
\\172.20.4.107\KB$\
Useful Links
How to create a virtual directory on an existing Web site to a folder that resides on a remote computer

You're trying to replace /// but these characters are not in your url variable. url is C:\KB\Dev\Java.htm.
Try this instead:
url = Replace(url, "\", "/")
url = Replace(url, "C:/", "file://172.20.4.107/c$/")
Also keep in mind that it is the end user's browser that is converting your C:\... path to the file://... format. That is not happening in your ASP code.

Related

Firefox web extension - read local file (last downloaded file)

Im creating a web extension and porting from XUL. I used to be able to easily read files with
var dJsm = Components.utils.import("resource://gre/modules/Downloads.jsm").Downloads;
var tJsm = Components.utils.import("resource://gre/modules/Task.jsm").Task;
var fuJsm = Components.utils.import("resource://gre/modules/FileUtils.jsm").FileUtils;
var nsiPromptService = Components.classes["#mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
....
NetUtil.asyncFetch(file, function(inputStream, status) {
if (!Components.isSuccessCode(status)) {
return;
}
var data = NetUtil.readInputStreamToString(inputStream, inputStream.available());
var data = window.btoa(data);
var encoded_data_to_send_via_xmlhttp = encodeURIComponent(data);
...
});
This above will be deprecated.
I can use the downloads.download() to know what was the last download but I can NOT read the file and then get the equivalent for encoded_data_to_send_via_xmlhttp
Also in Firefox 57 onwards, means that I have to try to fake a user action by a button click or something, or upload a file.
Access to file:// URLs or reading files without any explicit user input
isnt there an easy way to read the last downloaded file?
The WebExtension API won't allow extensions to read local files anymore. You could let the extension get CORS privilege and read the content directly from the URL via fetch() or XMLHttpRequest() as blob and store directly to IndexedDB or memory, then encode and send to server. This comes with many restrictions and limitations such as to which origin you can read from and so forth.
Also, this would add potentially many unneeded steps. If the purpose is, as it seem to be in the question at the moment, to share the downloaded file with a server, I would instead suggest that you obtain the last DownloadItem object, extract the URL (.url) from that object and send the URL back to server.
This way the server can load directly from that URL (and encode it on server if needed). The network load will be about the same (a little less actually since there is no Base64 encoding involved which adds 33% to the size), and much less load on the client. The server would read the data as a binary/byte data stream; about the same as if the data was sent directly from the extension.
To obtain the last downloaded file you would do the following from a privileged script:
browser.downloads.search({
limit: 1,
orderBy: ["-startTime"]
})
.then(getLastDownload);
function getLastDownload(downloads) {
if (downloads.length) {
var url = downloads[0].url;
// ... send url to the server and let server fetch the data from it directly
}
}
According to this support mozilla question.
(2) Local file security
Firefox limits access from pages on web servers to pages on local disk or UNC paths. [...]).
Which solution ?
Use local-filesystem-links firefox addon (not tested)
and/or
run a small local webserver on client side, supposing server was run with sufficient privileges, you may finally access any local content via http:// (but still cannot with file:///)

Prevent external files in src of iframe from being cached (with CloudFlare)

I am trying to make a playground like plunker. I just noticed a very odd behavior on production (with active mode in Cloudflare), whereas it works well in localhost.
By iframe, the playground previews index_internal.html which may contain links to other files (eg, .html, .js, .css). iframe is able to interpret external links such as <script src="script.js"></script>.
So each time a user modifies their file (eg, script.js) on the editor, my program saves the new file into a temporary folder on the server, then refresh the iframe by iframe.src = iframe.src, it works well on localhost.
However, I realized that, in production, the browser always keeps loading the initial script.js, even though users modify it in the editor and a new version is written in the folder in the server. For example, what I see in Dev Tools ==> Network is always the initial version of script.js, whereas I can check the new version of script.js saved in the server by less on the left hand.
Does anyone know why it is like this? And how to fix it?
Edit 1:
I tried the following, which did not work with script.js:
var iframe = document.getElementById('myiframe');
iframe.contentWindow.location.reload(true);
iframe.contentDocument.location.reload(true);
iframe.contentWindow.location.href = iframe.contentWindow.location.href
iframe.contentWindow.src = iframe.contentWindow.src
iframe.contentWindow.location.replace(iframe.contentWindow.location.href)
I tried to add a version, it worked with index_internal.html, but did not reload script.js:
var newSrc = iframe.src.split('?')[0]
iframe.src = newSrc + "?uid=" + Math.floor((Math.random() * 100000) + 1);
If I turn Cloudflare to development mode, script.js is reloaded, but I do want to keep Cloudflare in active mode.
I found it.
We can create a custom rule for caching in CloudFlare:
https://support.cloudflare.com/hc/en-us/articles/200168306-Is-there-a-tutorial-for-Page-Rules-#cache
For example, I could set Bypass as Cache Level for the folder www.mysite.com/tmp/*.

How to convert IHTMLImgElement to image

I am automating Internet Explorer using SHDocVW.dll and MSHTML with C#, and I wish to save an image from the page to the disk (JPEG format).
I can't use the WebClient class to download the image; if I do it, I end up downloading the site's login page. I can't print the screen either, because the browser has to remain invisible during this process, running in the background.
I have tried to do the following:
IHTMLImgElement imgElement = ...;
IHTMLControlRange imgRange = ...;
imgRange.add(imgElement as IHTMLControlElement);
imgRange.execCommand( "copy", false, null );
This does nothing. I am not able to extract anything from the clipboard. Every solution I found didn't work for me.
Your webclient approach is probably missing cookies... see How do I log into a site with WebClient? for an example that handles cookies.
your code looks fine except the user has to change the security setting to enable clipboard access. If the image is cached on disk you can dig the WinInet cache after parsing the page for the image location.

How to upload file on another domain?

I have an external hosting server.
On that server I have 2 domains:
www.dom1.com
www.dom2.com
On www.dom1.com I have my whole web page (in Codeigniter). One of the functionalities is upload (users can upload their files.)
On www.dom2.com there is only one folder called upload_dom2. www.dom2.com is otherwise empty and not visible anywhere on the Internet. I would like to use it exclusively for upload. I imagine that this is a much safer way than letting the users upload their files on www.dom1.com where all my other files are (by the way, let me know if I'm wrong, please).
So, how do I do that? How do I upload a file - that user has uploaded in the framework of Codeignitors system (webpage) on www.dom1.com - in a folder called upload-dom2 on www.dom2.com
I know how to upload a file in a folder called uplod_dom1 that is located on www.dom1.com. This is a code that I use.
$pathd=$_SERVER['DOCUMENT_ROOT'];
$config['upload_path'] = $pathd.'/upload_dom1';
But as said, that is not what I want. I want to upload to www.dom2.com (in its uplod-dom2 folder).
May I know what is the correct way to achieve my objective?
Take a look at the Codeigniter FTP class. You can do this with any external website/server that supports FTP: http://ellislab.com/codeigniter/user-guide/libraries/ftp.html
Example code:
$this->load->library('ftp');
$config['hostname'] = 'ftp.example.com';
$config['username'] = 'your-username';
$config['password'] = 'your-password';
$config['debug'] = TRUE;
$this->ftp->connect($config);
$this->ftp->upload('/local/path/to/myfile.html', '/public_html/myfile.html', 'ascii', 0775);
$this->ftp->close();

FileReference.upload() doesn't upload locally

Trying to upload using flash swf on my local machine running Windows with IIS and PHP 5.3 installed.
var selected_file:FileReference = GetSelectedFile();
var url:String = 'http://localhost.com/upload.php';
var req:URLRequest = new URLRequest(url);
req.data = new URLVariables('source=' + 'computer');
req.method = URLRequestMethod.POST;
selected_file.upload(req, 'file', false);
selected_file.addEventListener(DataEvent.UPLOAD_COMPLETE_DATA, UploadComplete, false, 0, true);
selected_file.addEventListener(ProgressEvent.PROGRESS, UploadProgress, false, 0, true);
selected_file.addEventListener(IOErrorEvent.IO_ERROR, UploadError, false, 0, true);
selected_file.addEventListener(SecurityErrorEvent.SECURITY_ERROR, UploadSecurityError, false, 0, true);
I've set breakpoints on all the handler functions. I hit a breakpoint on UploadProgress handler. However, the file isn't being uploaded. When looking at network traffic there is no call to upload.php.
Looking at documentation for FileReference upload function I see this:
Uploads and downloads are not allowed if the calling SWF file is in
the local-with-filesystem sandbox
Looking at definition of local-with-filesystem sandbox I found this:
From this sandbox, executable code can read local files (by using the
URLLoader class, for example), but cannot communicate with the network
in any way. This assures the user that local data cannot be leaked out
to the network or otherwise inappropriately shared.
Does this mean there isn't a way to test uploads on local machine?
update: Supposedly I need to have Security.sandboxType as LOCAL_TRUSTED. I've been trying to set security type by adding configuration file for user and globally. Configuration file has cfg extension and contains one line, path to folder where my swf file resides.
Still after adding this configuration, Security.sandboxType is set to "remote".
According to Adobe:
The local-with-filesystem sandbox—For security purposes, Flash Player places all local SWF files and assets in the local-with-file-system sandbox, by default. From this sandbox, SWF files can read local files (by using the URLLoader class, for example), but they cannot communicate with the network in any way. This assures the user that local data cannot be leaked out to the network or otherwise inappropriately shared.
You cannot access the file system and network within one SWF instance in normal situations.
However, it appears to be possible to grant this ability to a specific SWF by adding the file to the local trusted sandbox. According to Senocular, this may be accomplished in three different ways...
SWFs run within Flex Builder 2 or the Flash Authoring environment
SWFs located in a directory the user has granted permissions for from the (online only) Global Security Settings Panel.
SWFs located in a directory specified in a Flash Player trust configuration (.cfg) file on the local system
For the Configuration File Option:
You need to compile your SWF with the local playback setting selected.
This means you need to place your configuration file in
C:\Windows\System32\Macromed\Flash\FlashPlayerTrust\
If the folder doesn't exist you must create it.
Then create your configuration file (naming it whatever you
please.cfg) Finally, type C:\ into the file and save it.
Now your whole C:\ directory should be declared local_trusted and shouldn't have any issues contacting your server and accessing your files.

Resources