Is it necessary to add any other headers to persuade the client to
download the file rather than showing it? I believe Opera will
auto-detect on application/octet-stream; they recommend
application/x-msdownload or application/x-unknown. They also gave the
hint on content-disposition...
Thanks! I may be online later; I'm having technical issues at present.
On Sat, May 06, 2006 at 01:29:10PM +0000, dbkr at freenetproject.org wrote:
> Author: dbkr
> Date: 2006-05-06 13:29:06 +0000 (Sat, 06 May 2006)
> New Revision: 8621
>
> Modified:
> trunk/freenet/src/freenet/clients/http/FproxyToadlet.java
> trunk/freenet/src/freenet/clients/http/PageMaker.java
> trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
> trunk/freenet/src/freenet/node/Version.java
> Log:
> 681: Anonymity improvements:
> * Fix bug 132 (Reinstate Internet Explorer warning)
> * Fix bug 131 (Downloads should have content-disposition: attachment added
> too)
> * Remove http URL in xml namespace (paranoid, but the URL is not necessary)
>
>
> Modified: trunk/freenet/src/freenet/clients/http/FproxyToadlet.java
> ===================================================================
> --- trunk/freenet/src/freenet/clients/http/FproxyToadlet.java 2006-05-06
> 11:40:33 UTC (rev 8620)
> +++ trunk/freenet/src/freenet/clients/http/FproxyToadlet.java 2006-05-06
> 13:29:06 UTC (rev 8621)
> @@ -149,23 +149,34 @@
>
> String forceString = httprequest.getParam("force");
> boolean force = false;
> + boolean forcedownload = false;
> if(forceString != null) {
> if(forceString.equals(getForceValue(key, now))
> ||
>
> forceString.equals(getForceValue(key, now-FORCE_GRAIN_INTERVAL)))
> force = true;
> }
>
> - if(typeName.equals("application/x-msdownload")) {
> + if(httprequest.isParameterSet("forcedownload")) {
> // Download to disk, this should be safe, and
> is set when we do "force download to disk" from a dangerous-content-warning
> page.
> - force = true;
> + typeName = "application/x-msdownload";
> + forcedownload = true;
> }
>
> try {
> - if(!force)
> + if(!force && !forcedownload) {
> data = ContentFilter.filter(data,
> ctx.getBucketFactory(), typeName);
> + }
>
> - // Send the data, intact
> - writeReply(ctx, 200, typeName, "OK", data);
> + if (forcedownload) {
> + MultiValueTable headers = new
> MultiValueTable();
> +
> + headers.put("Content-Disposition",
> "attachment");
> + ctx.sendReplyHeaders(200, "OK",
> headers, typeName, data.size());
> + ctx.writeData(data);
> + } else {
> + // Send the data, intact
> + writeReply(ctx, 200, typeName, "OK",
> data);
> + }
> } catch (UnsafeContentTypeException e) {
> StringBuffer buf = new StringBuffer();
> ctx.getPageMaker().makeHead(buf, "Potentially
> Dangerous Content");
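Review bot: The `forcedownload` branch skips `ContentFilter.filter` on the mere presence of a query parameter, whereas the neighbouring `force` path skips it only after the value matches `getForceValue(key, now)`. Any page can therefore link to `?forcedownload` and have unfiltered data returned, so the only remaining protection is the client honouring `Content-Disposition: attachment`. That assumption should be stated at the branch, e.g. `// Unfiltered on purpose: safety relies solely on the client saving, not rendering, this response`; if that is judged too weak, the same token check could gate this branch as well. The assignment to `typeName` also replaces whatever type was determined earlier, which the comment should mention. The enclosing method starts and ends outside this hunk.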
> @@ -176,7 +187,7 @@
> buf.append("<p>Your options are:</p><ul>\n");
> buf.append("<li><a
> href=\"/"+key.toString(false)+"?type=text/plain\">Click here</a> to open the
> file as plain text (this should not be dangerous, but it may be
> garbled).</li>\n");
> // FIXME: is this safe? See bug #131
> - buf.append("<li><a
> href=\"/"+key.toString(false)+"?type=application/x-msdownload\">Click
> here</a> to force your browser to download the file to disk.</li>\n");
> + buf.append("<li><a
> href=\"/"+key.toString(false)+"?forcedownload\">Click here</a> to force your
> browser to download the file to disk.</li>\n");
> buf.append("<li><a
> href=\"/"+key.toString(false)+"?force="+getForceValue(key, now)+"\">Click
> here</a> to open the file as "+HTMLEncoder.encode(typeName)+".</li>\n");
> buf.append("<li><a href=\"/\">Click here</a> to
> go to the FProxy home page.</li>\n");
> buf.append("</ul>");
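Review bot: The new `?forcedownload` link writes `key.toString(false)` into the `href` attribute without HTML-encoding, while the link below it passes `typeName` through `HTMLEncoder.encode`. If a key's string form can contain `"`, `<` or `&` (not visible from this hunk), the key itself could alter the markup of the warning page; `HTMLEncoder.encode(key.toString(false))` here and in the sibling links would rule that out. The `// FIXME: is this safe? See bug #131` comment above the changed line is now stale, since the log says bug 131 is fixed, and could be replaced by one line explaining why the download link is considered safe.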
>
> Modified: trunk/freenet/src/freenet/clients/http/PageMaker.java
> ===================================================================
> --- trunk/freenet/src/freenet/clients/http/PageMaker.java 2006-05-06
> 11:40:33 UTC (rev 8620)
> +++ trunk/freenet/src/freenet/clients/http/PageMaker.java 2006-05-06
> 13:29:06 UTC (rev 8621)
> @@ -38,7 +38,7 @@
> public void makeTopHead(StringBuffer buf) {
> buf.append("<!DOCTYPE\n"
> + " html PUBLIC \"-//W3C//DTD XHTML
> 1.1//EN\">\n"
> - + "<html xmlns=\"http://www.w3.org/1999/xhtml\"
> xml:lang=\"en\">\n"
> + + "<html xml:lang=\"en\">\n"
> + "<head>\n"
> + "<meta http-equiv=\"Content-Type\"
> content=\"text/html;\" />\n"
> +"<link rel=\"stylesheet\"
> href=\"/static/themes/"+this.theme+"/theme.css\" type=\"text/css\" />\n");
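Review bot: Nothing at the changed line records why the `xmlns` attribute was dropped, so a later cleanup aimed at XHTML validity is likely to put it back. A short comment above the `<html` line, such as `// No xmlns: generated pages must not contain any external http:// URL`, would preserve the intent stated in the commit log. `makeTopHead` continues past the end of this hunk.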
>
> Modified: trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
> ===================================================================
> --- trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
> 2006-05-06 11:40:33 UTC (rev 8620)
> +++ trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
> 2006-05-06 13:29:06 UTC (rev 8621)
> @@ -212,6 +212,15 @@
> ctx.getPageMaker().makeHead(buf, "Freenet FProxy Homepage");
> if(node.isTestnetEnabled())
> buf.append("<div style=\"color: red; font-size: 200%;
> \">WARNING: TESTNET MODE ENABLED</div>");
> +
> + String useragent = (String)ctx.getHeaders().get("user-agent");
> +
> + if (useragent != null) {
> + useragent = useragent.toLowerCase();
> + if (useragent.indexOf("msie") > -1 &&
> useragent.indexOf("opera") == -1) {
> + buf.append("<div style=\"color:
> darkred\"><b>Warning</b>: You appear to be using Internet Explorer. This
> means that some sites within Freenet may be able to compromise your
> anonymity.</div>");
> + }
> + }
>
> // Alerts
>
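Review bot: `useragent.toLowerCase()` uses the JVM's default locale, so under a Turkish default locale an `MSIE` token lowercases with a dotless i and `indexOf("msie")` misses it, silently suppressing the anonymity warning for the very users it targets. Use a fixed locale instead: `useragent = useragent.toLowerCase(Locale.ENGLISH);` (this needs `java.util.Locale` imported in the file). The check is also only as reliable as the client-supplied header, so the absence of the warning should not be treated as assurance anywhere else. The enclosing method starts and ends outside this hunk.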
>
> Modified: trunk/freenet/src/freenet/node/Version.java
> ===================================================================
> --- trunk/freenet/src/freenet/node/Version.java 2006-05-06 11:40:33 UTC
> (rev 8620)
> +++ trunk/freenet/src/freenet/node/Version.java 2006-05-06 13:29:06 UTC
> (rev 8621)
> @@ -20,7 +20,7 @@
> public static final String protocolVersion = "1.0";
>
> /** The build number of the current revision */
> - private static final int buildNumber = 680;
> + private static final int buildNumber = 681;
>
> /** Oldest build of Fred we will talk to */
> private static final int lastGoodBuild = 591;
>
>
--
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.