Re: Problem uploading (some) HTML files with PL/SQL Gateway
Date: Fri, 30 Jan 2004 09:20:30 -0500
Message-ID: <hpOdnQ5jdMPS9YfdRVn_iw_at_comcast.com>
"drew" <andrew_toropov_at_hotmail.com> wrote in message
news:b71c4ae4.0401290706.2dbb0b11_at_posting.google.com...
| "Mark C. Stock" <mcstockX_at_Xenquery .com> wrote in message
news:<3oOdnWYfp_lyQIvdRVn-jA_at_comcast.com>...
| > "Andy Hardy" <junkmail_at_[127.0.0.1]> wrote in message
| > news:AAT8sLBU$rFAFwCv_at_[127.0.0.1]...
| > | In message <n7KdncvOQY3BDIjdRVn-sA_at_comcast.com> , Mark C. Stock
| > | <mcstockX_at_Xenquery.com> writes
| > | >It appears that the PL/SQL gateway document upload cannot (or will
not)
| > | >upload a file that appears to have an HTML anchor in it (although
extra
| > | >whitespace does spoof it, if indeed, it's rejecting the file on
purpose.
| > | >
| > | >After a lot of testing, I ended up with this fragment of HTML that
causes
| > | >the PL/SQL Gateway upload routine to fail:
| > | >
| > | ><a href="javascript:alert('set
| > all');"><small><em>All</em></small></a></td>
| > | >
| > | >get rid of the '<' or the '=', and the file loads with no problem.
| > | >
| > | >Has anybody else experienced this or is anybody aware of any
documention
| > on
| > | >this?
| > | >
| > |
| > | In what way does it 'fail'? I've not had the same problems, but have
| > | been surprised at the 'document parts' not being uploaded - the
| > | documentation makes it sound as if the embedded links turn up as
| > | documents in their own right into the 'documents parts' table... but
| > | they don't...
| > |
| > | --
| > | Andy Hardy. PGP ID: 0xA62A4849
| > | >
| > well, it fails totally and gracelessly --
| >
| > here's the test proc modified from the PL/SQL Gateway manual's example:
|
> --------------------------------------------------------------------------
--Received on Fri Jan 30 2004 - 15:20:30 CET
| > ---------------
| > procedure simple_upload_test (
| > file in varchar2 default null
| > )
| > is
| > begin
| >
| > htp.p('<html>');
| > htp.p('<head>');
| > htp.p('<title>test upload</title>');
| > htp.p('</head>');
| > htp.p('<body>');
| >
| > if file is not null
| > then
| > htp.p('<p>File uploaded: ' || file ||'</p>');
| > end if;
| >
| > htp.p('<FORM enctype="multipart/form-data"');
| > htp.p('action="simple_upload_test"');
| > htp.p('method="POST">');
| > htp.p('<table>');
| > htp.p('<tr><td>File to upload:<td><INPUT type="file" name="file">');
| > htp.p('<tr><td><td><INPUT type="submit" value="Upload">');
| > htp.p('</table>');
| > htp.p('</FORM>');
| > htp.p('</body>');
| > htp.p('</html>');
| >
| > end simple_upload_test;
| > | > -------------------------------------------------------------------------- --
| > ---------------
| > notice that the procedure calls itself via the form action
| >
| > if you create a file with the content noted in the OP, it will result in
| > HTTP 404, referencing 'simple_upload_test' in the URL -- which is the
| > gateway's way of telling you that either the file upload procedure
failed or
| > the call to the specified URL had incorrect parameters or was just
totally
| > bogus.
| >
| > however, taking out the '<' in the '<a....>' tag or the '=' in the
'href'
| > attribute allows the file to be uploaded without incident
| >
| > versions:
| >
| > mod_plsql v3.0.9.0.7 in the 8.1.7 (local w2k test environment) and above
| > (sorry, can't get the exact version on my client's server until
thursday --
| > but i believe it's 9iAS r2, database is 9.2.0.2.0)
| >
| > -- mcs
| | | But we did not had that problem. | The result is there http://www.dpsp-yes.com/dpsp/ntsdemo/data/upl.txt | You can even try to upload by yourself with your file for that link | http://www.dynamicpsp.com/dpsp/prod/!go?ln=p_dpsp2 drew, did you see my other post? problem was that we did not have the 'document part' table created -- mcs