Ticket #198 (closed defect: fixed)
Upload not working on WebGUI
| Reported by: | kmaclean | Owned by: | kmaclean |
|---|---|---|---|
| Priority: | major | Milestone: | SpeechSubmission 0.1 |
| Component: | SpeechSubmission | Version: | Website 0.2 |
| Keywords: | Cc: |
Description
Change History
comment:2 Changed 12 years ago by kmaclean
More from the Sub Applet Security FAQ: How do I let an applet write a file?
Applets loaded into a Java-enabled browser can't write files.
Sun's appletviewer allows applets to write files that are named on the access control list for writing. The access control list for writing is empty by default.
You can allow applets to write to your /tmp directory by setting the acl.write property in your ~/.hotjava/properties file:
acl.write=/tmp
You can allow applets to write to a particular file by naming it explicitly:
acl.write=/home/me/somedir/somefile
Use : to separate entries:
acl.write=/tmp:/home/me/somedir/somefile
Bear in mind that if you open up your file system for writing by applets, there is no way to limit the amount of disk space an applet might use.
comment:3 Changed 12 years ago by kmaclean
More from the Sub Applet Security FAQ:
# How can an applet open a network connection to a computer on the internet?
Applets are not allowed to open network connections to any computer, except for the host that provided the .class files. This is either the host where the html page came from, or the host specified in the codebase parameter in the applet tag, with codebase taking precendence.
For example, if you try to do this from an applet that did not originate from the machine foo.com, it will fail with a security exception:
Socket s = new Socket("foo.com", 25, true);
comment:4 Changed 12 years ago by kmaclean
From the Sun Applet Tutorial
Specifying the Applet Directory
By default, a browser looks for an applet's class and archive files in the same directory as the HTML file that has the <APPLET> tag. (If the applet's class is in a package, then the browser uses the package name to construct a directory path underneath the HTML file's directory.) Sometimes, however, it's useful to put the applet's files somewhere else. You can use the CODEBASE attribute to tell the browser in which directory the applet's files are located:
<APPLET CODE=AppletSubclass?.class CODEBASE=aURL
WIDTH=anInt HEIGHT=anInt>
</APPLET>
If aURL is a relative URL, then it's interpreted relative to the HTML document's location. By making aURL an absolute URL, you can load an applet from just about anywhere — even from another HTTP server.
comment:5 Changed 12 years ago by kmaclean
Applet on Scout dev server WebGUI instance:
<applet name="Speexuploader" width ="800" height ="800" mayscript="mayscript"
code="moodlespeex/MoodleSpeexRecorderApplet.class"
codebase="http://www.repository.voxforge1.org/SubmitSpeech" style="border: 1px solid rgb(153,153,153);">
<param name="archive" value="moodlespeex.jar"/>
<param name="type" value="application/x-java-applet;version=1.4"/>
<param name="scriptable" value="true"/>
<param name="destination" value="http://www.repository.voxforge1.org/SubmitSpeech/javaUploadServer.php"/>
<param name="endpage" value="http://www.repository.voxforge1.org/SubmitSpeech/endpage.html"/>
<param name="cookie" value="$userID"/>
</applet>
Error generated:
/usr/share/themes/Clearlooks/gtk-2.0/gtkrc:60: Engine "clearlooks" is unsupported, ignoring MoodleSpeexRecorderApplet Cookie: $userID: ***helppage is badly formed:###null###*** Unable to create WAV cache file for storing audio java.lang.SecurityException: Unable to create temporary file MoodleSpeexRecorderApplet Cookie: $userID: ***helppage is badly formed:###null###*** Unable to create WAV cache file for storing audio java.lang.SecurityException: Unable to create temporary file /usr/share/themes/Clearlooks/gtk-2.0/gtkrc:60: Engine "clearlooks" is unsupported, ignoring
comment:6 Changed 12 years ago by kmaclean
This version works - same basic applet code on a PHP page (not using WebGUI).
SubmitSpeechServer.php:
<?php
setcookie("user", "VoxForge", time()+3600);
if (isset($_COOKIE["user"]))
echo "Welcome to the " . $_COOKIE["user"] . " Speech Submissions System" . "!<br />";
else
echo "Welcome guest!<br />";
setcookie("user", "VoxForge", time()+3600);
?>
<?php
$destination = 'http://www.repository.voxforge1.org/SubmitSpeech/javaUploadServer.php';
$endpage = 'http://www.repository.voxforge1.org/SubmitSpeech/endpage.html';
$width=600;
$height=200;
$isforumpost=false;
$subject='';
$filefieldname='userfile';
$compressionmode=1;
$compressionmodes='1,2,3';
global $CFG;
/* The htmlspecialchars() function converts some predefined characters to HTML entities.*/
/* $_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here */
/* $_COOKIE An associative array of variables passed to the current script via HTTP cookies. Automatically global in any scope. */
/* $cookie = htmlspecialchars($_SERVER['_COOKIE']); */
$cookie = ($_COOKIE["user"]);
/* print ("</br>ken:$cookie</br>"); */
$code = <<<ENDHTMLFRAGMENT
<applet name="Speexuploader" width ="800" height ="800" mayscript="mayscript"
code="moodlespeex/MoodleSpeexRecorderApplet.class" codebase="http://www.repository.voxforge1.org/SubmitSpeech" style="border: 1px solid rgb(153,153,153);">
<param name="archive" value="moodlespeex.jar"/>
<param name="type" value="application/x-java-applet;version=1.4"/>
<param name="scriptable" value="true"/>
ENDHTMLFRAGMENT;
$code .= <<<ENDHTMLFRAGMENT
<param name="destination" value="$destination"/>
<param name="filefieldname" value="
ENDHTMLFRAGMENT;
$code .= htmlspecialchars($filefieldname);
$code .= <<<ENDHTMLFRAGMENT
"/>
<param name="endpage" value="$endpage"/>
<param name="cookie" value="$cookie"/>
<param name="compressionmode" value="$compressionmode"/>
<param name="compressionmodes" value="$compressionmodes"/>
The VoxForge Speech Recognition audio recorder applet should appear here. Please check that you have Java enabled in your web browser - this is
required in order to use the audio recorder.
</applet>
ENDHTMLFRAGMENT;
echo $code;
?>
JVM console output:
Archive file location:1&1-aug31-2007831-fks.zip username:1&1-aug31: Uploading to http://www.repository.voxforge1.org/SubmitSpeech/javaUploadServer.php CapturePlayback Cookie: VoxForge: CapturePlayback Cookie: VoxForge: Finished! Sending you on to http://www.repository.voxforge1.org/SubmitSpeech/endpage.html /usr/share/themes/Clearlooks/gtk-2.0/gtkrc:60: Engine "clearlooks" is unsupported, ignoring
comment:7 Changed 12 years ago by kmaclean
- Summary changed from Java Speech Submission Script not working on WebGUI to Upload not working on WebGUI
comment:8 Changed 12 years ago by kmaclean
Workaround: just create a web page on VoxForge? repository, and redirect to it from WebGUI; Use same header and footer as used as for Speech Corpus
comment:10 Changed 12 years ago by kmaclean
- Status changed from new to closed
- Resolution set to fixed
Needed to split the initial submit page into two seperate web pages: one to set the cookie, and one to call the applet. Although the cookie is not set in the second web page, when the Java upload program looks for the cookie, it finds it, and allows the upload.
see ticket #208
comment:11 Changed 12 years ago by root
- Milestone SpeechSubmission 0.1 deleted
Milestone SpeechSubmission 0.1 deleted
from the Sun Applet Security FAQ:
What are applets prevented from doing?
In general, applets loaded over the net are prevented from reading and writing files on the client file system, and from making network connections except to the originating host.
In addition, applets loaded over the net are prevented from starting other programs on the client. Applets loaded over the net are also not allowed to load libraries, or to define native method calls. If an applet could define native method calls, that would give the applet direct access to the underlying computer.