1 2 3 Previous Next 37 Replies Latest reply: Apr 15, 2010 2:35 PM by 746333 Go to original post RSS
      • 15. Re: Open a file from File Server: Security issue
        746333
        A,

        Thanks for the reply.

        Could you pl. tell me where & how we have to call the procedure
        in the Apex in order to send the file to browser?

        Regards,
        Dip
        • 16. Re: Open a file from File Server: Security issue
          maceyah
          I did a few quick Apex (XE using EPG) tests without success including ondemand process and a separate page containg only a pl/sql region that calls the proc. None of them worked (except for lots of garbage characters when the page is loaded).
          htp.p('<img src="f?p=&APP_ID.:1:&APP_SESSION.:APPLICATION_PROCESS=DO_SHO_JPG">');
          htp.p('<img src="f?p=&APP_ID.:2:&APP_SESSION.">');


          All similar hits I find point to calling the proc directly from the URL. This isn't a security issue, becuase you can still do whatever checks you like in the PL/SQL before sending the content to the browser.

          See Re: PL/PDF

          I can successfully send XML to an iframe and get the browser to recognize it correctly, without resorting to calling the proc in the URL directly, so I'm unsure what the limitation is.

          Edited by: maceyah on Apr 9, 2010 3:11 PM
          • 17. Re: Open a file from File Server: Security issue
            716366
            Hi,

            maybe you will find it of any use:

            1. Make a mapping table with the file metadata including the original file name;
            2. Write a procedure to register new pdf files in the mapping table and rename the files (or make a copy to other directory and rename), for example <rowid>.PDF where <rowid> is the mapping record's ROWID

            One more comment: i am not sure but as far as i have read there is a problem with caching when retrieving files from database rather from file system. Maybe more experienced in this field will clarify if there is really such issue.


            Mindaugas
            • 18. Re: Open a file from File Server: Security issue
              746333
              Is there any step by step documentation available to load pdf in the database and open it using Apex?

              I am trying the way 'maceyah' has did but it seems something is missing.

              Thanks,
              Dip
              • 19. Re: Open a file from File Server: Security issue
                maceyah
                Strangely enough, this seems to work just fine in Windows XE 10g, Apex 3.1.2. Snippets copied from Jasper Reports Integration - beta release

                To show PDF inline in page:
                1) create stored proc
                CREATE OR REPLACE PROCEDURE sho_pdf
                AS
                   l_blob    BLOB;
                   l_bfile   BFILE;
                BEGIN
                   DBMS_LOB.createtemporary (l_blob, TRUE, DBMS_LOB.SESSION);
                   --create or replace directory MY_FILES as 'c:\my_pdfs'; --'/users/pdf/files'
                   l_bfile := BFILENAME ('MY_FILES', 'my.pdf');
                   DBMS_LOB.fileopen (l_bfile);
                   DBMS_LOB.loadfromfile (l_blob, l_bfile, DBMS_LOB.getlength (l_bfile));
                   DBMS_LOB.fileclose (l_bfile);
                
                   OWA_UTIL.mime_header ('application/pdf',
                                         bclose_header      => FALSE);
                   ------------------------------------------------------------------------
                   -- set content length
                   ------------------------------------------------------------------------
                   HTP.p ('Content-length: ' || DBMS_LOB.getlength (l_blob));
                   OWA_UTIL.http_header_close;
                   ------------------------------------------------------------------------
                   -- download the file and display in browser
                   ------------------------------------------------------------------------
                   WPG_DOCLOAD.download_file (l_blob);
                   ------------------------------------------------------------------------
                   -- release resources
                   ------------------------------------------------------------------------
                   DBMS_LOB.freetemporary (l_blob);
                
                EXCEPTION
                   WHEN NO_DATA_FOUND
                   THEN
                      NULL;
                END;
                /
                2) create application process "DO_SHO_PDF",
                Process point=On Demand: Run this application process when requested by a page process.
                Process text = sho_pdf;

                3) create a pl/sql (or HTML) region (in my case in page #1) to display the pdf.
                htp.p('pdf EMBED below<br>');
                htp.p('<object data="f?p=&APP_ID.:1:&APP_SESSION.:APPLICATION_PROCESS=DO_SHO_PDF" type="application/pdf" width="500" height="500">  alt : <a href="f?p=&APP_ID.:1:&APP_SESSION.:APPLICATION_PROCESS=DO_SHO_PDF">test.pdf</a></object>');
                
                
                --htp.p('<br>pdf IFRAME below<br>');
                --htp.p('<iframe src="f?p=&APP_ID.:1:&APP_SESSION.:APPLICATION_PROCESS=DO_SHO_PDF" width="500" height="500" frameborder="1"><p>Your browser does not support iframes.</p>
                </iframe>');
                --htp.p('<br>2 pdfs above');
                Edited by: maceyah on Apr 15, 2010 10:23 AM. Added iframe close tag
                • 20. Re: Open a file from File Server: Security issue
                  746333
                  Thanks maceyah for detailed information.

                  I followed exactly your information.

                  I made only one change in sho_pdf
                  l_bfile := BFILENAME ('MY_FILES', 'my.pdf');
                  to l_bfile := BFILENAME ('c:\my_pdfs', 'my.pdf'); -- my_pdfs dir has my.pdf file.

                  Unfortunately, application returns error when I run.
                  Error: Adobe Reader could not open 'A9R8965.tmp' because it is either not a supported file type or because the file has been damaged....

                  My HTML region source:
                  htp.p('pdf EMBED below<br>');
                  htp.p('<object data="f?p=&APP_ID.:1:&APP_SESSION.:APPLICATION_PROCESS=DO_SHO_PDF" type="application/pdf" width="500" height="500"> alt : <a >href="#">my.pdf</a></object>');
                  I am not sure how to fix this.

                  Regards,
                  Dip

                  Edited by: user8609115 on 13-Apr-2010 5:51 AM
                  • 21. Re: Open a file from File Server: Security issue
                    fac586
                    l_bfile := BFILENAME ('c:\my_pdfs', 'my.pdf'); -- my_pdfs dir has my.pdf file.
                    First parameter must be a directory object, NOT a filesystem path.

                    http://download.oracle.com/docs/cd/E11882_01/server.112/e10592/functions017.htm#sthref947
                    http://download.oracle.com/docs/cd/E11882_01/server.112/e10592/statements_5007.htm
                    • 22. Re: Open a file from File Server: Security issue
                      746333
                      Ok. I got your point.

                      I have created a directory first.
                      CREATE DIRECTORY MY_FILES AS '/opt/app/web_files';
                      And modified procedure:
                      CREATE OR REPLACE PROCEDURE sho_pdf
                      AS
                      l_blob BLOB;
                      l_bfile BFILE;
                      BEGIN
                      DBMS_LOB.createtemporary (l_blob, TRUE, DBMS_LOB.SESSION);
                      l_bfile := BFILENAME ('MY_FILES', 'my.pdf');
                      DBMS_LOB.fileopen (l_bfile);
                      DBMS_LOB.loadfromfile (l_blob, l_bfile, DBMS_LOB.getlength (l_bfile));
                      DBMS_LOB.fileclose (l_bfile);

                      OWA_UTIL.mime_header ('application/pdf',
                      bclose_header => FALSE);
                      ------------------------------------------------------------------------
                      -- set content length
                      ------------------------------------------------------------------------
                      HTP.p ('Content-length: ' || DBMS_LOB.getlength (l_blob));
                      OWA_UTIL.http_header_close;
                      ------------------------------------------------------------------------
                      -- download the file and display in browser
                      ------------------------------------------------------------------------
                      WPG_DOCLOAD.download_file (l_blob);
                      ------------------------------------------------------------------------
                      -- release resources
                      ------------------------------------------------------------------------
                      DBMS_LOB.freetemporary (l_blob);

                      EXCEPTION
                      WHEN NO_DATA_FOUND
                      THEN
                      NULL;
                      END;
                      However, it returns same Error: Adobe Reader could not open 'A9R8965.tmp' because it is either not a supported file type or because the file has been damaged....

                      Dip
                      • 23. Re: Open a file from File Server: Security issue
                        fac586
                        Please update your forum profile with a better handle than "user8609115"...

                        So what happens if you download and save the file? Is the expected size? If opened in a text editor, does it look like PDF code?
                        • 24. Re: Open a file from File Server: Security issue
                          746333
                          When I run the application, it returns:
                          Error in pop up window:
                          Adobe Reader could not open 'A9R8965.tmp' because it is either not a supported file type or because the file has been damaged....

                          I can see the text in pdf area
                          'htp.p('pdf EMBED below
                          'pdf' icon at the middle of the page and at the bottom of thepage
                          '); htp.p('
                          No, window for the download, no pdf, no any characters.

                          Thanks,
                          Dip

                          Edited by: user8609115 on 13-Apr-2010 8:07 AM
                          • 25. Re: Open a file from File Server: Security issue
                            oradbuser
                            I am also trying the same to display pdf files onto the browser...

                            do we have to create the above stored procedure inside the oracle database??
                            or copy the code into the process text option of the create application process screen???

                            Thanks
                            • 26. Re: Open a file from File Server: Security issue
                              maceyah
                              htp.p is a pl/sql print statement - you can't use it in an HTML region.
                              1) Change your region to pl/sql or just use static HTML (I used pl/sql region, but HTML is sufficient here):
                              pdf EMBED below<br>
                              
                              <object data="f?p=&APP_ID.:1:&APP_SESSION.:APPLICATION_PROCESS=DO_SHO_PDF" type="application/pdf" width="500" height="500">  alt : <a href="f?p=&APP_ID.:1:&APP_SESSION.:APPLICATION_PROCESS=DO_SHO_PDF">test.pdf</a></object>
                              2) After running your page, if it still doesn't display, then change your URL to call the ondemand process directly. It's important to get a vilid session ID before doing this. So, say your URL when you run the page is:
                              http://myhost:8000/apex/f?p=100:1:3758450953313813:::::
                              then change it to this and load the page:
                              http://myhost:8000/apex/f?p=100:1:3758450953313813:APPLICATION_PROCESS=DO_SHO_PDF

                              You should either see the PDF, garbage characters or whatever. If not, then your stored proc probably isn't working. If so, comment out all of the stored proc logic and replace with a simple htp.p('hello world'); You must be able to get the ondemand process to return something to the browser before you can proceed.
                              • 27. Re: Open a file from File Server: Security issue
                                746333
                                You have to create sho_pdf stored procedure in the database. Before that you have to create DIRECTORY object in the database to specify the location
                                of your pdf files;

                                Hope this will help.

                                Dip
                                • 28. Re: Open a file from File Server: Security issue
                                  oradbuser
                                  Ok..this worked for me...

                                  First

                                  1) I create a oracle directory to the place where i have my pdf stored
                                  2)Created the stored procedure exactly as given above (except the directory name...and stuff)
                                  3)created a html region in my page with the following region source

                                  (where the name of my application process is Show_Pdf)

                                  Click here to view pdf

                                  Now i have to figure out, how i can call the report dynamically from my interactive report based on the data retrieved from the query....

                                  Also can you tell me how would it work, if i have a subdirectory under C:\my_pdf\ like C:\my_pdf\2008 , C:\my_pdf\2009 ...etc
                                  where the pdfs are stored in respective years...

                                  Thanks.
                                  • 29. Re: Open a file from File Server: Security issue
                                    oradbuser
                                    code here
                                    a href="f?p=&APP_ID.:1:&APP_SESSION.:APPLICATION_PROCESS=Show_Pdf">Click here to view pdf

                                    Edited by: user12253705 on Apr 13, 2010 9:07 AM