View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007914 | mantisbt | bugtracker | public | 2007-04-23 14:57 | 2009-06-26 12:07 |
Reporter | elros | Assigned To | grangeway | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.0.6 | ||||
Fixed in Version | 1.1.0a3 | ||||
Summary | 0007914: Can't download attachments with IE over SSL | ||||
Description | Trying to download an attachment with IE (with both 7 and 6 - I didn't try any earlier versions) results in this error message: Internet Explorer cannot download file_download.php from www.mysite.com. Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later. Chaning line 87 of file_download.php from this: if ( ( isset( $_SERVER["HTTPS"] ) && "on" == $_SERVER["HTTPS"] ) && preg_match( "/MSIE/", $_SERVER["HTTP_USER_AGENT"] ) ) { To this: if ( ( isset( $_SERVER["HTTPS"] ) && "ON" == $_SERVER["HTTPS"] ) && preg_match( "/MSIE/", $_SERVER["HTTP_USER_AGENT"] ) ) { seems to resolve the issue (the only change is "on" is changed to "ON"). | ||||
Tags | No tags attached. | ||||
Attached Files | file_download.php.patch (841 bytes)
Index: file_download.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/file_download.php,v retrieving revision 1.38 diff -u -r1.38 file_download.php --- file_download.php 28 Mar 2006 02:05:25 -0000 1.38 +++ file_download.php 2 May 2007 07:19:26 -0000 @@ -91,7 +91,8 @@ # attached files via HTTPS, we disable the "Pragma: no-cache" # command when IE is used over HTTPS. global $g_allow_file_cache; - if ( ( isset( $_SERVER["HTTPS"] ) && "on" == $_SERVER["HTTPS"] ) && preg_match( "/MSIE/", $_SERVER["HTTP_USER_AGENT"] ) ) { + + if ( ( isset( $_SERVER["HTTPS"] ) && "on" == strtolower($_SERVER["HTTPS"]) ) && preg_match( "/MSIE/", $_SERVER["HTTP_USER_AGENT"] ) ) { # Suppress "Pragma: no-cache" header. } else { if ( ! isset( $g_allow_file_cache ) ) { file_download.php (3,914 bytes)
<?php # Mantis - a php based bugtracking system # Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org # Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net # This program is distributed under the terms and conditions of the GPL # See the README and LICENSE files for details # -------------------------------------------------------- # $Id: file_download.php,v 1.38 2006/03/28 02:05:25 thraxisp Exp $ # -------------------------------------------------------- ?> <?php # Add file and redirect to the referring page ?> <?php $g_bypass_headers = true; # suppress headers as we will send our own later require_once( 'core.php' ); $t_core_path = config_get( 'core_path' ); require_once( $t_core_path.'file_api.php' ); ?> <?php auth_ensure_user_authenticated() ?> <?php $f_file_id = gpc_get_int( 'file_id' ); $f_type = gpc_get_string( 'type' ); $c_file_id = (integer)$f_file_id; # we handle the case where the file is attached to a bug # or attached to a project as a project doc. $query = ''; switch ( $f_type ) { case 'bug': $t_bug_file_table = config_get( 'mantis_bug_file_table' ); $query = "SELECT * FROM $t_bug_file_table WHERE id='$c_file_id'"; break; case 'doc': $t_project_file_table = config_get( 'mantis_project_file_table' ); $query = "SELECT * FROM $t_project_file_table WHERE id='$c_file_id'"; break; default: access_denied(); } $result = db_query( $query ); $row = db_fetch_array( $result ); extract( $row, EXTR_PREFIX_ALL, 'v' ); # Check access rights switch ( $f_type ) { case 'bug': if ( !file_can_download_bug_attachments( $v_bug_id ) ) { access_denied(); } break; case 'doc': # Check if project documentation feature is enabled. if ( OFF == config_get( 'enable_project_documentation' ) ) { access_denied(); } access_ensure_project_level( config_get( 'view_proj_doc_threshold' ), $v_project_id ); break; } # flush output buffer to protect download @ob_end_clean(); # Make sure that IE can download the attachments under https. header( 'Pragma: public' ); header( 'Content-Type: ' . $v_file_type ); header( 'Content-Length: ' . $v_filesize ); $t_filename = file_get_display_name( $v_filename ); $t_inline_files = explode(',', config_get('inline_file_exts', 'gif')); if ( in_array( file_get_extension($t_filename), $t_inline_files ) ) { $t_disposition = ''; //'inline;'; } else { $t_disposition = ' attachment;'; } # Added Quotes (") around file name. header( 'Content-Disposition:' . $t_disposition . ' filename="' . $t_filename . '"' ); header( 'Content-Description: Download Data' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s \G\M\T', db_unixtimestamp( $v_date_added ) ) ); # To fix an IE bug which causes problems when downloading # attached files via HTTPS, we disable the "Pragma: no-cache" # command when IE is used over HTTPS. global $g_allow_file_cache; if ( ( isset( $_SERVER["HTTPS"] ) && "on" == strtolower($_SERVER["HTTPS"]) ) && preg_match( "/MSIE/", $_SERVER["HTTP_USER_AGENT"] ) ) { # Suppress "Pragma: no-cache" header. } else { if ( ! isset( $g_allow_file_cache ) ) { header( 'Pragma: no-cache' ); } } header( 'Expires: ' . gmdate( 'D, d M Y H:i:s \G\M\T', time() ) ); # dump file content to the connection. switch ( config_get( 'file_upload_method' ) ) { case DISK: if ( file_exists( $v_diskfile ) ) { readfile( $v_diskfile ); } break; case FTP: if ( file_exists( $v_diskfile ) ) { readfile( $v_diskfile ); } else { $ftp = file_ftp_connect(); file_ftp_get ( $ftp, $v_diskfile, $v_diskfile ); file_ftp_disconnect( $ftp ); readfile( $v_diskfile ); } break; default: echo $v_content; } exit(); ?> | ||||
Hi there, the problem is, that on some servers this value is "ON" and on others it is "on". So i fixed this issue by inserting a "strtolower". if ( ( isset( $_SERVER["HTTPS"] ) && "on" == strtolower($_SERVER["HTTPS"]) ) && preg_match( "/MSIE/", $_SERVER["HTTP_USER_AGENT"] ) ) { Best regards, |
|
Patched. |
|
This bug still exists in 1.0.8. |
|
Thank you for taking the time to report a problem with mantis. Since this problem report was originally made, a number of releases have occured. Additionally no recent feedback has been received on this issue. Unfortunately you are not using the latest version and the problem might already be fixed. Please download the latest release from http://www.mantisbt.org/download.php If you are able to reproduce this bug in the current release, or have some more information on how this feature could be improved in the current release. Please either change the mantis version on this bug report Again, thank you for your continued support and report. |
|