View Issue Details

WikiJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0003553mantisbtbugtrackerpublic2004-02-11 08:242004-07-07 18:51
Reporterpturner Assigned Torfoster  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version0.18.1 
Fixed in Version0.19.0a1 
Summary0003553: Cannot download attached files with IE5.5 or better over SSL
Description

The latest version of mantis (0.18.1) utilizes HTTP headers which will prevent IE5.5 or later to download an attached file over an SSL connection.

Additional Information

There is some known issue about Internet Explorer, no-cache headers, SSL, and downloading files using a URL.

When we upgraded from Mantis 0.18.0a3 to 0.18.1, my users reported that they couldn't access files that they attached to the bugs (we store the files in a MySQL database). I typically use Netscape 7.1, and didn't have any problem. All the users with the problem were using IE6.0.

We use SSL for our Mantis installation. I was able to reproduce the problem on my workstation when I switched to using IE6.0. I changed my config_inc.php to use a base URL of "http://" rather than "https://" (in essence, I turned off SSL for our Mantis installation) and the problem went away with IE6.0. I turned back on SSL, and the problem reappeared with IE6.0. Then, I changed core.php to comment out three of the following four lines of code:

header( 'Pragma: no-cache' );

header( 'Expires: Fri, 01 Jan 1999 00:00:00 GMT' );

header( 'Cache-Control: no-store, no-cache, must-revalidate' );

header( 'Cache-Control: post-check=0, pre-check=0', false );

Then, I was able to use IE6.0 along with SSL and download a file.

There is also a "hotfix" from Microsloth available to fix this problem in IE6.0, but there were some warnings about how the hotfix wasn't the most tested thing in the world, so we decided to keep SSL, pass on the hotfix, and hack the Mantis code.

The Microsoft support links relating to this problem are:
http://support.microsoft.com/default.aspx?kbid=812935
and
http://support.microsoft.com/default.aspx?kbid=323308

TagsNo tags attached.
Attached Files
mantis.diff (3,199 bytes)    
Index: csv_export.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/csv_export.php,v
retrieving revision 1.19
diff -u -r1.19 csv_export.php
--- csv_export.php	30 May 2004 01:49:31 -0000	1.19
+++ csv_export.php	11 Jun 2004 05:23:20 -0000
@@ -41,6 +41,10 @@
         $t_filename = csv_get_default_filename();
 
 	# Send headers to browser to activate mime loading
+
+	# Make sure that IE can download the attachments under https.
+	header( 'Pragma: public' );
+	
 	header( 'Content-Type: text/plain; name=' . $t_filename );
 	header( 'Content-Transfer-Encoding: BASE64;' );
 	header( 'Content-Disposition: attachment; filename=' . $t_filename );
Index: file_download.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/file_download.php,v
retrieving revision 1.27
diff -u -r1.27 file_download.php
--- file_download.php	18 Mar 2004 14:02:28 -0000	1.27
+++ file_download.php	11 Jun 2004 05:23:20 -0000
@@ -65,9 +65,15 @@
 			access_ensure_project_level( config_get( 'view_proj_doc_threshold' ), $v_project_id );
 			break;
 	}
+	
+	# Make sure that IE can download the attachments under https.
+	header( 'Pragma: public' );
+	
 	header( 'Content-type: ' . $v_file_type );
 	header( 'Content-Length: ' . $v_filesize );
-	header( 'Content-Disposition: filename=' . file_get_display_name( $v_filename ) );
+	
+	# Added Quotes (") around file name.
+	header( 'Content-Disposition: filename="' . file_get_display_name( $v_filename ) . '"' );
 	header( 'Content-Description: Download Data' );
 
 	# dump file content to the connection.
Index: print_all_bug_page_excel.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/print_all_bug_page_excel.php,v
retrieving revision 1.38
diff -u -r1.38 print_all_bug_page_excel.php
--- print_all_bug_page_excel.php	30 May 2004 01:49:31 -0000	1.38
+++ print_all_bug_page_excel.php	11 Jun 2004 05:23:20 -0000
@@ -36,6 +36,10 @@
 	if ( $f_type_page != 'html' ) {
 		$t_export_title = $g_page_title."_excel";
 		$t_export_title = ereg_replace( '[\/:*?"<>|]', '', $t_export_title );
+
+		# Make sure that IE can download the attachments under https.
+		header( 'Pragma: public' );
+
 		header( 'Content-Type: application/vnd.ms-excel' );
 		header( 'Content-Disposition: attachment; filename="' . $t_export_title . '.xls"' );
 	}
Index: print_all_bug_page_word.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/print_all_bug_page_word.php,v
retrieving revision 1.45
diff -u -r1.45 print_all_bug_page_word.php
--- print_all_bug_page_word.php	5 Mar 2004 02:27:51 -0000	1.45
+++ print_all_bug_page_word.php	11 Jun 2004 05:23:20 -0000
@@ -38,6 +38,10 @@
 	if ( $f_type_page != 'html' ) {
 		$t_export_title = $g_page_title."_word";
 		$t_export_title = ereg_replace( '[\/:*?"<>|]', '', $t_export_title );
+
+		# Make sure that IE can download the attachments under https.
+		header( 'Pragma: public' );
+		
 		header( 'Content-Type: application/msword' );
 		header( 'Content-Disposition: attachment; filename="' . $t_export_title . '.doc"' );
 	}
mantis.diff (3,199 bytes)   

Relationships

has duplicate 0003672 closedrfoster Does not generate word document when running under SSL 
has duplicate 0004300 closedjlatour Doc files not accessible through SSL terminated load balancer. 
has duplicate 0003815 closedvboctor 0.18.2: Downloading attachments fails for IE6 with SSL connection 

Activities

zealot

zealot

2004-03-26 06:02

reporter   ~0005270

We're using Mantis 0.18.2 and had the same problem described above.

But, instead for removing the `Pragma: no-cache' for all clients, we did a check
on the $_SERVER['HTTP_USER_AGENT'] and removed the chache-things only for
MSIE-clients.

The two lines MSIE doesn't like are:
header( 'Pragma: no-cache' );' and header( 'Cache-Control: no-store, no-cache, must-revalidate' );'
The rest is OK.

This has been tested on a IE6.0 client running on W2K.
drdoctor

drdoctor

2004-03-31 03:14

reporter   ~0005296

I can confirm the problem, I will try to use your solution.
rfoster

rfoster

2004-06-11 00:20

reporter   ~0005688

The better option is to just set Pragma: Public whenever we need to download a file for IE.
rfoster

rfoster

2004-06-11 00:22

reporter   ~0005689

Refer to attached diff. (also uploaded to dev list.)
rfoster

rfoster

2004-06-11 00:23

reporter   ~0005690

updating certain fields :/