Path

ez projects / paradoxpdf / forum / issues / issue with https


Issue with https

You need to be logged in to post messages in the forums. New users may register here.

Tero Auralinna

Member since:
04 February 2008

Posts: 6

Wednesday 03 June 2009 9:00:04 pm

There seems to be some problems with Safari and IE7 over secured https connections.
Browser tries to open pdf file but somehow it gets corrupted.

Brilliant extension anyway :)

Avenis - Open Source solutions, Internet marketing and web analytics
http://www.avenis.fi
http://www.auralinna.fi
http://twitter.com/teroauralinna

Up

Karnichi Mohamed

Member since:
09 October 2006

Posts: 78

Wednesday 03 June 2009 9:40:52 pm

Hi Tero,

Thanks for reporting the issue. I've googled "pdf over ssh" and found mutiple issues of pdf over ssh.
Some of topics reported the issue is produced when PDF returned by the web server contains HTTP headers to disable caching.

Just could you tell me if this problem comes when you enable paradoxpdf cache?

Thanks

http://www.amiralweb.com Certified eZPublish Expert

Up

Tero Auralinna

Member since:
04 February 2008

Posts: 6

Thursday 04 June 2009 10:18:39 am

In Safari it works if I disable caching. IE7 still fails.

Avenis - Open Source solutions, Internet marketing and web analytics
http://www.avenis.fi
http://www.auralinna.fi
http://twitter.com/teroauralinna

Up

Karnichi Mohamed

Member since:
09 October 2006

Posts: 78

Friday 05 June 2009 5:47:25 pm

Hi Tero,

I've updated the flushPDF methode, it's now on repository : Could you check if this fixed the issue on both paradoxpdf caching modes ?

Thank you

http://www.amiralweb.com Certified eZPublish Expert

Up

Marius Kuntke

Member since:
17 April 2013

Posts: 7

Friday 19 April 2013 3:12:40 pm

I´ve the same problem in IE7 over https.
Up

Karnichi Mohamed

Member since:
09 October 2006

Posts: 78

Friday 19 April 2013 4:39:49 pm

Hi Marius

Could you please replace th flush method with folowing, and tell me if this fix the issue ?




   public function flushPDF($data, $pdf_file_name = 'file', $size, $mtime= false, $expiry = false)


   {


 

       // sanitize pdf_file_name to prevent file donwload injection attacks


       $pdf_file_name = self::sanitize($pdf_file_name);


 

       ob_clean();


 

       header('X-Powered-By: eZ Publish - ParadoxPDF');


       header('Content-Type: application/pdf');


       header('Cache-Control: no-store,max-age=0,must-revalidate');


       header('Content-Disposition: attachment; filename="' . $pdf_file_name . '.pdf"');


       header('Content-Length: ' . $size);


       header( 'Content-Transfer-Encoding: binary' );


       header( 'Accept-Ranges: bytes' );


 

       ob_end_clean();


 

       echo $data;


 

       eZExecution::cleanExit();


   }


 



Thanks

http://www.amiralweb.com Certified eZPublish Expert

Up

Marius Kuntke

Member since:
17 April 2013

Posts: 7

Monday 22 April 2013 3:48:49 pm

Unfortunately, no change...
Up

Karnichi Mohamed

Member since:
09 October 2006

Posts: 78

Monday 22 April 2013 4:05:45 pm

Sorry, i forgot the most important header




   public function flushPDF($data, $pdf_file_name = 'file', $size, $mtime= false, $expiry = false)


   {


 

       // sanitize pdf_file_name to prevent file donwload injection attacks


       $pdf_file_name = self::sanitize($pdf_file_name);


 

       ob_clean();


 

       header('X-Powered-By: eZ Publish - ParadoxPDF');


       header('Content-Type: application/pdf');


       header('Cache-Control: no-store, max-age=0, must-revalidate');        

       header('Content-Disposition: attachment; filename="' . $pdf_file_name . '"');


       /* Set cache time out to 10 seconds, this should be good enough to work around an IE bug */


       header( "Expires: ". gmdate( 'D, d M Y H:i:s', time() + 10 ) . ' GMT' );


       header('Content-Length: ' . $size);


       header( 'Content-Transfer-Encoding: binary' );


       header( 'Accept-Ranges: bytes' );


 

       ob_end_clean();


 

       echo $data;


 

       eZExecution::cleanExit();


   }




Or Last chance




public function flushPDF($data, $pdf_file_name = 'file', $size, $mtime= false, $expiry = false)


   {


 

       // sanitize pdf_file_name to prevent file donwload injection attacks


       $pdf_file_name = self::sanitize($pdf_file_name);


 

       ob_clean();


 

       header('X-Powered-By: eZ Publish - ParadoxPDF');


       /* Set cache time out to 10 seconds, this should be good enough to work around an IE bug */


       header('Cache-Control: private, max-age=10, must-revalidate');


       header('Content-Type: application/pdf');


       header('Content-Disposition: attachment; filename="' . $pdf_file_name . '"');


       header('Content-Length: ' . $size);


       header( 'Content-Transfer-Encoding: binary' );


       header( 'Accept-Ranges: bytes' );


 

       ob_end_clean();


 

       echo $data;


 

       eZExecution::cleanExit();


   }


http://www.amiralweb.com Certified eZPublish Expert

Up

Marius Kuntke

Member since:
17 April 2013

Posts: 7

Monday 22 April 2013 4:17:47 pm

does not work...
i´ve been tested both posted functions and I´m using version 2.2.
original:



public function flushPDF($data, $pdf_file_name = 'file', $size, $mtime, $expiry)


   {


 

       //Fixing https issues by forcing file download


       $contentType = 'application/octet-stream';


       $userAgent = eZSys::serverVariable('HTTP_USER_AGENT');


 

       if (preg_match('%Opera(/| )([0-9].[0-9]{1,2})%', $userAgent)) {


           $contentType = 'application/octetstream';


       } elseif (preg_match('/MSIE ([0-9].[0-9]{1,2})/', $userAgent)) {


           $contentType = 'application/force-download';


 

       }


 

       // sanitize pdf_file_name to prevent file donwload injection attacks


       $pdf_file_name = self::sanitize($pdf_file_name);


 

       ob_clean();


 

       header('X-Powered-By: eZ Publish - ParadoxPDF');


       header('Content-Type: ' . $contentType);


       header('Expires: Sat, 03 Jan 1970 00:00:00 GMT');


       header('Cache-Control: private');


       header('Pragma: private', false);


       header('Content-Disposition: attachment; filename="' . $pdf_file_name . '.pdf"');


       header('Content-Length: ' . $size);


       header('Content-Transfer-Encoding: binary');


       header('Accept-Ranges: bytes');


       header('Connection: close');


 

       ob_end_clean();


 

       echo $data;


 

       eZExecution::cleanExit();


   }


Up

Karnichi Mohamed

Member since:
09 October 2006

Posts: 78

Monday 22 April 2013 4:30:21 pm

Ok thanks for your feed back, it appears that settings any cache related header causes problems. eZ Publish has fixed this problem on content/download view.

It shoud work with this





 

   public function flushPDF($data, $pdf_file_name = 'file', $size, $mtime= false, $expiry = false)


   {


 

       // sanitize pdf_file_name to prevent file donwload injection attacks


       $pdf_file_name = self::sanitize($pdf_file_name);


 

       ob_clean();


 

       header('X-Powered-By: eZ Publish - ParadoxPDF');


       // Fixes problems with IE when opening a file directly


       header( "Pragma: " );


       header( "Cache-Control: " );


       // Last-Modified header cannot be set, otherwise browser like FF will fail while resuming a paused download


       // because it compares the value of Last-Modified headers between requests.


       header( "Last-Modified: " );


       /* Set cache time out to 10 minutes, this should be good enough to work around an IE bug */


       header( "Expires: ". gmdate( 'D, d M Y H:i:s', time() + 600 ) . ' GMT' );


       header('Content-Type: application/pdf');


       header('Content-Disposition: attachment; filename="' . $pdf_file_name . '"');


       header('Content-Length: ' . $size);


       header( 'Content-Transfer-Encoding: binary' );


       header( 'Accept-Ranges: bytes' );


 

       ob_end_clean();


 

       echo $data;


 

       eZExecution::cleanExit();


   }


 

http://www.amiralweb.com Certified eZPublish Expert

Up

Marius Kuntke

Member since:
17 April 2013

Posts: 7

Monday 22 April 2013 4:38:05 pm

if I use
header("Pragma: public");
in the standard version 2.2 it works. Is this a security problem?
Up

Karnichi Mohamed

Member since:
09 October 2006

Posts: 78

Monday 22 April 2013 4:47:58 pm

have you tried my last code ?
it's not an issue, but the pdf may be cached in any reverse proxy or in search engines caches ...(google)

http://www.amiralweb.com Certified eZPublish Expert

Up

Marius Kuntke

Member since:
17 April 2013

Posts: 7

Monday 22 April 2013 4:50:00 pm

OK, thanks. Your last code also works.
Up

You need to be logged in to post messages in the forums. New users may register here.