NetTalk Central

Author Topic: Uploading files no longer works  (Read 5758 times)

ccordes

  • Sr. Member
  • ****
  • Posts: 384
    • View Profile
    • Email
Uploading files no longer works
« on: November 19, 2012, 06:27:24 PM »
I just updated to NT 6.51 and first all my headers were broken. Apparently I have some unsafe code there. Found the check box to allow that. BUT now my upload a file procedure doesn't work.
Can anyone give me a starting point where to look for an issue with the upload a file. Has something changed to affect uploading a file since 6.3? I don't see anything in the history to suggest an issue.

Thanks,
Chris C
Real programmers use copy con newapp.exe

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11244
    • View Profile
Re: Uploading files no longer works
« Reply #1 on: November 19, 2012, 09:34:37 PM »
Hi Chris,

I'd be interested to know what is in your header which might be considered "unsafe".

but that aside, I've not seen any issues with File Upload. Does the FileUpload example work for you? If it does then I guess I need to see your app to know what's happening.

cheers
Bruce

ccordes

  • Sr. Member
  • ****
  • Posts: 384
    • View Profile
    • Email
Re: Uploading files no longer works
« Reply #2 on: November 20, 2012, 08:49:51 AM »
We put a help button in each header-
Code: [Select]
<table class="MainHeading" height="20" border="0">
<tr>
<td class="MainHeading">Manage Unit Permissions</td>
<td align="right"><a href="" onClick="openHelp('ManagePermissions');"><img src="images/help.gif" width="20" border="0" height="20" /></a></td>
</tr>
</table>

so there could all manner of unsafe things here.
I'm working on the upload later today. I'll let you know what I find there as well.

Chris
Real programmers use copy con newapp.exe

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11244
    • View Profile
Re: Uploading files no longer works
« Reply #3 on: November 20, 2012, 11:15:00 PM »
Hi Chris,

yes, the onclick for starters. Indeed any JavaScript would make it "unsafe".

It should be pointed out that "unsafe" does not mean it's bad. It means you are responsible for making sure it's not malicious. The whole point of this is to prevent rogue users from "injecting" unsafe html into your site.

For example, say you allow an HTML editor on your page. Then I can enter stuff in there, including normal html tags, plus JavaScript and so on. If you then display my input verbatim, then anyone who sees my input is also running _my_ JavaScript code (that I'd "injected" on to your site.)

NetTalk, as a framework, obviously applies a lot of attention to security, and we try and default to "safer" options. Thus you need to explicitly allow html to be used in common data places (like headers, browses, forms etc). this was then expanded to the next level to identify a bunch of html as "harmless" and the rest as "potentially unsafe". There are places where you want to use "unsafe" html, because you wrote it. You just need to be sure _you_ wrote it, not one of your users.

So there's nothing wrong with making your own code "ok" - what you _really_ don't want to do is expose code as "ok" which is coming from your database or from an uploaded file or something like that.

cheers
Bruce

DonRidley

  • Don Ridley
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 729
  • donaldridley2011@gmail.com
    • View Profile
    • Email
Re: Uploading files no longer works - Hey Bruce
« Reply #4 on: November 28, 2012, 03:27:00 PM »
Hello Bruce,

My customers have reported and I duplicated an issue with uploading image files.  

Seems the issue only happens in mobile mode.

Shipped File Upload example demonstrates the same behavior.

After selecting image file, user is returned to form with the upload field still blank.

OR

I get an error: "The page you are trying to view contains data that has already been submitted ("POSTDATA"). If you resend the data, any action the form on the page carried out (such as a search or online purchase) will be repeated."

The issue happens with Android phones and iPhones

EDIT:

Had to go back to NetTalk 6, Build 6.46, to get the uploads to start behaving properly.  So, 6.47+, uploads behave - for lack of a better description - "weird" in mobile mode.

Thanks!

Don
« Last Edit: November 28, 2012, 04:35:05 PM by DonRidley »
"Eliminate the impossible, whatever remains, however unlikely, must be the truth."

NetTalk 12.55
Clarion 11

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11244
    • View Profile
Re: Uploading files no longer works
« Reply #5 on: November 28, 2012, 09:24:31 PM »
Hi Don,

I'm not sure about Android (someone with an android phone can chip in here) but as far as I know uploading files is not possible from iOS devices. They don't support that (partly, I think, because they have no "file system", so you can't select a file to upload.)

cheers
Bruce

Jeffrey Kuijt

  • Full Member
  • ***
  • Posts: 142
    • View Profile
    • Email
Re: Uploading files no longer works
« Reply #6 on: November 28, 2012, 09:56:19 PM »
Hi Bruce,

As of iOS6 it is possible to upload photos from your iPad/iPhone's Camera Roll.

I did a small test, please look at:
http://www.adsystems.nl/Example-Upload-photo-from-iPad-Camera-Roll-in-Safari.pdf

But that's only photos. Other files still not possible to upload directly from your iPad/iPhone.

Best regards
Jeffrey

DonRidley

  • Don Ridley
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 729
  • donaldridley2011@gmail.com
    • View Profile
    • Email
Re: Uploading files no longer works
« Reply #7 on: November 29, 2012, 03:25:39 AM »
When you can Bruce, please test with the shipped FileUpload example on an Android device.

Thanks,

Don

"Eliminate the impossible, whatever remains, however unlikely, must be the truth."

NetTalk 12.55
Clarion 11

ccordes

  • Sr. Member
  • ****
  • Posts: 384
    • View Profile
    • Email
Re: Uploading files no longer works
« Reply #8 on: November 29, 2012, 06:22:55 AM »
I can't speak to the Android issue, but just to close my issue - I did get the sample app to work. Then recompiled everything and ours worked. I don't know why it didn't before and I can't say why it is now. I have changed the way we were renaming the uploaded file to use the method in the sample app.
If I can get it to break again, I'll let you know how.

Thanks
Chris
Real programmers use copy con newapp.exe