Ticket #198 (closed defect: fixed)

Opened 11 years ago

Last modified 11 years ago

Upload not working on WebGUI

Reported by: kmaclean Owned by: kmaclean
Priority: major Milestone: SpeechSubmission 0.1
Component: SpeechSubmission Version: Website 0.2
Keywords: Cc:

Description


Change History

comment:1 Changed 11 years ago by kmaclean

from the Sun Applet Security FAQ:

What are applets prevented from doing?

In general, applets loaded over the net are prevented from reading and writing files on the client file system, and from making network connections except to the originating host.

In addition, applets loaded over the net are prevented from starting other programs on the client. Applets loaded over the net are also not allowed to load libraries, or to define native method calls. If an applet could define native method calls, that would give the applet direct access to the underlying computer.

comment:2 Changed 11 years ago by kmaclean

More from the Sub Applet Security FAQ: How do I let an applet write a file?

Applets loaded into a Java-enabled browser can't write files.

Sun's appletviewer allows applets to write files that are named on the access control list for writing. The access control list for writing is empty by default.

You can allow applets to write to your /tmp directory by setting the acl.write property in your ~/.hotjava/properties file:

acl.write=/tmp

You can allow applets to write to a particular file by naming it explicitly:

acl.write=/home/me/somedir/somefile

Use : to separate entries:

acl.write=/tmp:/home/me/somedir/somefile

Bear in mind that if you open up your file system for writing by applets, there is no way to limit the amount of disk space an applet might use.

comment:3 Changed 11 years ago by kmaclean

More from the Sub Applet Security FAQ:

# How can an applet open a network connection to a computer on the internet?

Applets are not allowed to open network connections to any computer, except for the host that provided the .class files. This is either the host where the html page came from, or the host specified in the codebase parameter in the applet tag, with codebase taking precendence.

For example, if you try to do this from an applet that did not originate from the machine foo.com, it will fail with a security exception:

Socket s = new Socket("foo.com", 25, true);

comment:4 Changed 11 years ago by kmaclean

From the Sun Applet Tutorial

Specifying the Applet Directory

By default, a browser looks for an applet's class and archive files in the same directory as the HTML file that has the <APPLET> tag. (If the applet's class is in a package, then the browser uses the package name to construct a directory path underneath the HTML file's directory.) Sometimes, however, it's useful to put the applet's files somewhere else. You can use the CODEBASE attribute to tell the browser in which directory the applet's files are located:

<APPLET CODE=AppletSubclass?.class CODEBASE=aURL

WIDTH=anInt HEIGHT=anInt>

</APPLET>

If aURL is a relative URL, then it's interpreted relative to the HTML document's location. By making aURL an absolute URL, you can load an applet from just about anywhere — even from another HTTP server.

comment:5 Changed 11 years ago by kmaclean

Applet on Scout dev server WebGUI instance:

<applet name="Speexuploader" width ="800" height ="800" mayscript="mayscript"
      code="moodlespeex/MoodleSpeexRecorderApplet.class" 
      codebase="http://www.repository.voxforge1.org/SubmitSpeech" style="border: 1px solid rgb(153,153,153);">
<param name="archive"  value="moodlespeex.jar"/>
<param name="type"  value="application/x-java-applet;version=1.4"/>
<param name="scriptable"  value="true"/>
<param name="destination" value="http://www.repository.voxforge1.org/SubmitSpeech/javaUploadServer.php"/>
<param name="endpage"  value="http://www.repository.voxforge1.org/SubmitSpeech/endpage.html"/>
<param name="cookie"  value="$userID"/>
</applet>

Error generated:

/usr/share/themes/Clearlooks/gtk-2.0/gtkrc:60: Engine "clearlooks" is unsupported, ignoring
MoodleSpeexRecorderApplet Cookie: $userID:

***helppage is badly formed:###null###***
Unable to create WAV cache file for storing audio
java.lang.SecurityException: Unable to create temporary file
MoodleSpeexRecorderApplet Cookie: $userID:

***helppage is badly formed:###null###***
Unable to create WAV cache file for storing audio
java.lang.SecurityException: Unable to create temporary file
/usr/share/themes/Clearlooks/gtk-2.0/gtkrc:60: Engine "clearlooks" is unsupported, ignoring

comment:6 Changed 11 years ago by kmaclean

This version works - same basic applet code on a PHP page (not using WebGUI).

SubmitSpeechServer.php:

<?php
setcookie("user", "VoxForge", time()+3600);
if (isset($_COOKIE["user"]))
  echo "Welcome to the " . $_COOKIE["user"] . " Speech Submissions System" . "!<br />";
else
  echo "Welcome guest!<br />";
setcookie("user", "VoxForge", time()+3600);

?>
<?php


$destination = 'http://www.repository.voxforge1.org/SubmitSpeech/javaUploadServer.php';
$endpage = 'http://www.repository.voxforge1.org/SubmitSpeech/endpage.html';
$width=600;
$height=200;
$isforumpost=false;
$subject='';
$filefieldname='userfile';
$compressionmode=1;
$compressionmodes='1,2,3';
  global $CFG;
/* The htmlspecialchars() function converts some predefined characters to HTML entities.*/
/* $_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here */
/* $_COOKIE An associative array of variables passed to the current script via HTTP cookies. Automatically global in any scope. */
/*  $cookie = htmlspecialchars($_SERVER['_COOKIE']); */
$cookie = ($_COOKIE["user"]);
/* print ("</br>ken:$cookie</br>"); */

  $code =  <<<ENDHTMLFRAGMENT
<applet name="Speexuploader" width ="800" height ="800" mayscript="mayscript"
      code="moodlespeex/MoodleSpeexRecorderApplet.class" codebase="http://www.repository.voxforge1.org/SubmitSpeech" style="border: 1px solid rgb(153,153,153);">
 <param name="archive"  value="moodlespeex.jar"/>
 <param name="type"  value="application/x-java-applet;version=1.4"/>
 <param name="scriptable"  value="true"/>
ENDHTMLFRAGMENT;
  $code .=  <<<ENDHTMLFRAGMENT
 <param name="destination" value="$destination"/>
 <param name="filefieldname"  value="
ENDHTMLFRAGMENT;
  $code .= htmlspecialchars($filefieldname);
  $code .=  <<<ENDHTMLFRAGMENT
"/>
 <param name="endpage"  value="$endpage"/>
 <param name="cookie"  value="$cookie"/>
 <param name="compressionmode"  value="$compressionmode"/>
 <param name="compressionmodes"  value="$compressionmodes"/>
 The VoxForge Speech Recognition audio recorder applet should appear here. Please check that you have Java enabled in your web browser - this is
 required in order to use the audio recorder.
 </applet>
ENDHTMLFRAGMENT;


echo $code;

?>

JVM console output:

Archive file location:1&1-aug31-2007831-fks.zip
username:1&1-aug31:
Uploading to http://www.repository.voxforge1.org/SubmitSpeech/javaUploadServer.php
CapturePlayback Cookie: VoxForge:

CapturePlayback Cookie: VoxForge:

Finished! Sending you on to http://www.repository.voxforge1.org/SubmitSpeech/endpage.html
/usr/share/themes/Clearlooks/gtk-2.0/gtkrc:60: Engine "clearlooks" is unsupported, ignoring

comment:7 Changed 11 years ago by kmaclean

  • Summary changed from Java Speech Submission Script not working on WebGUI to Upload not working on WebGUI

comment:8 Changed 11 years ago by kmaclean

Workaround: just create a web page on VoxForge? repository, and redirect to it from WebGUI; Use same header and footer as used as for Speech Corpus

comment:9 Changed 11 years ago by kmaclean

  • Priority changed from critical to major

comment:10 Changed 11 years ago by kmaclean

  • Status changed from new to closed
  • Resolution set to fixed

Needed to split the initial submit page into two seperate web pages: one to set the cookie, and one to call the applet. Although the cookie is not set in the second web page, when the Java upload program looks for the cookie, it finds it, and allows the upload.

see ticket #208

comment:11 Changed 11 years ago by root

  • Milestone SpeechSubmission 0.1 deleted

Milestone SpeechSubmission 0.1 deleted

comment:12 Changed 11 years ago by kmaclean

  • Milestone set to SpeechSubmission 0.1
Note: See TracTickets for help on using tickets.