Re: Problem uploading (some) HTML files with PL/SQL Gateway

From: drew <andrew_toropov_at_hotmail.com>
Date: 29 Jan 2004 07:06:58 -0800
Message-ID: <b71c4ae4.0401290706.2dbb0b11_at_posting.google.com>

"Mark C. Stock" <mcstockX_at_Xenquery .com> wrote in message news:<3oOdnWYfp_lyQIvdRVn-jA_at_comcast.com>...
> "Andy Hardy" <junkmail_at_[127.0.0.1]> wrote in message
> news:AAT8sLBU$rFAFwCv_at_[127.0.0.1]...
> | In message <n7KdncvOQY3BDIjdRVn-sA_at_comcast.com> , Mark C. Stock
> | <mcstockX_at_Xenquery.com> writes
> | >It appears that the PL/SQL gateway document upload cannot (or will not)
> | >upload a file that appears to have an HTML anchor in it (although extra
> | >whitespace does spoof it, if indeed, it's rejecting the file on purpose.
> | >
> | >After a lot of testing, I ended up with this fragment of HTML that causes
> | >the PL/SQL Gateway upload routine to fail:
> | >
> | ><a href="javascript:alert('set
> all');"><small><em>All</em></small></a></td>
> | >
> | >get rid of the '<' or the '=', and the file loads with no problem.
> | >
> | >Has anybody else experienced this or is anybody aware of any documention
> on
> | >this?
> | >
> |
> | In what way does it 'fail'? I've not had the same problems, but have
> | been surprised at the 'document parts' not being uploaded - the
> | documentation makes it sound as if the embedded links turn up as
> | documents in their own right into the 'documents parts' table... but
> | they don't...
> |
> | --
> | Andy Hardy. PGP ID: 0xA62A4849
>
>
> well, it fails totally and gracelessly --
>
> here's the test proc modified from the PL/SQL Gateway manual's example:
> ----------------------------------------------------------------------------
> ---------------
> procedure simple_upload_test (
> file in varchar2 default null
> )
> is
> begin
>
> htp.p('<html>');
> htp.p('<head>');
> htp.p('<title>test upload</title>');
> htp.p('</head>');
> htp.p('<body>');
>
> if file is not null
> then
> htp.p('<p>File uploaded: ' || file ||'</p>');
> end if;
>
> htp.p('<FORM enctype="multipart/form-data"');
> htp.p('action="simple_upload_test"');
> htp.p('method="POST">');
> htp.p('<table>');
> htp.p('<tr><td>File to upload:<td><INPUT type="file" name="file">');
> htp.p('<tr><td><td><INPUT type="submit" value="Upload">');
> htp.p('</table>');
> htp.p('</FORM>');
> htp.p('</body>');
> htp.p('</html>');
>
> end simple_upload_test;
>
> ----------------------------------------------------------------------------
> ---------------
> notice that the procedure calls itself via the form action
>
> if you create a file with the content noted in the OP, it will result in
> HTTP 404, referencing 'simple_upload_test' in the URL -- which is the
> gateway's way of telling you that either the file upload procedure failed or
> the call to the specified URL had incorrect parameters or was just totally
> bogus.
>
> however, taking out the '<' in the '<a....>' tag or the '=' in the 'href'
> attribute allows the file to be uploaded without incident
>
> versions:
>
> mod_plsql v3.0.9.0.7 in the 8.1.7 (local w2k test environment) and above
> (sorry, can't get the exact version on my client's server until thursday --
> but i believe it's 9iAS r2, database is 9.2.0.2.0)
>
> -- mcs

But we did not had that problem.
The result is there http://www.dpsp-yes.com/dpsp/ntsdemo/data/upl.txt You can even try to upload by yourself with your file for that link http://www.dynamicpsp.com/dpsp/prod/!go?ln=p_dpsp2 Received on Thu Jan 29 2004 - 16:06:58 CET

This message: [ Message body ]
Next message: Vince Laurent: "Re: Snapshot synchronization and monitor tools"
Previous message: Ivan Vasquez: "RMAN and obsolete backups"
Maybe in reply to: Mark C. Stock: "Problem uploading (some) HTML files with PL/SQL Gateway"
In reply to Mark C. Stock: "Re: Problem uploading (some) HTML files with PL/SQL Gateway"
Next in thread: Vince Laurent: "Re: Snapshot synchronization and monitor tools"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message