secure = 1

Archived from the Xataface Users forum.

sim — Wed Jan 04, 2012 10:28 am

Hi all,

I need help with securing direct access to the download directory.

The files are stored on the file system, .htaccess has “Deny from all” and everything works as it should, i.e. no one can directly access the download directory and Xataface correctly converts the links to “-action=getBlob”.

The problem is that the downloaded file is always corrupt (even when logged in with the root user). The files open correctly when the secure = 1 directive is commented out and the problem returns when it is switched on.

Fiddling further reveals that once secure = 1 is switched on, Xataface automatically injects a space/line break at the beginning of the downloaded document, and an application that tries to access the file sees it as corrupted. Just to be sure, I have manually removed the line break once a file is downloaded with secure = 1 and the file contents are rendered without an issue. Is there a way to avoid this behavior?
Update - PDFs render fine!

Thanks


shannah — Thu Jan 05, 2012 6:23 am

Hmm.. This is strange. It is possible that some extra whitespace at the end of a delegate class could be finding its way in there.
Verify that any PHP scripts included don’t have any whitespace before the <? and after the ?> tags. Best practice is just to omit the closing ?> (PHP automatically assumes it is at the end of the script in this case).

-Steve


sim — Thu Jan 05, 2012 12:03 pm

Thanks Steve. I removed the trailing ?> but the problem persists. Only occurs in .doc .docx .xsl etc formats. Unsure why this behavior. Currently using .htaccess and other means to partially thwart direct access.


shannah — Mon Jan 09, 2012 12:42 pm

Are you storing the mimetype of the file in a separate field? It would be interesting to look at the raw HTTP response from the web server for these things to see if and where it is adding a new line to the response.


sim — Tue Jan 10, 2012 3:54 am

Thanks Steve,

The only difference between the raw output is binary type and content length header, also I am not using mimetype etc. and here is what fields.ini looks like:
#########################################################
[xxxxxx]
widget:label = "App"
validators:required = 1
order=42
group=mandatory
widget:type = file
allowed_extensions = doc,docx,rtf
Type=container
savepath=tables/files
visibility:list=hidden
secure = 1
visibility:find=hidden

####################################
SECURE = 1
####################################

GET /xxx/index.php?-action=getBlob&-table=xxx&-field=xxx&-index=0&id=145 HTTP/1.1
Host: xxx
User-Agent: Mozilla/5.0 (Ubuntu; X11; Linux x86\_64; rv:8.0) Gecko/20100101 Firefox/8.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,\*;q=0.7
Proxy-Connection: keep-alive
Referer: [http://xxx/index.php?-table=xxx&-action ... 3Fid%3D145](http://xxx/index.php?-table=xxx&-action=browse&-cursor=135&-skip=120&-limit=30&-mode=list&-recordid=xxx%3Fid%3D145)
Cookie: 84ed7f5888ea7637e37fe7edb158c05b=uoij0nvedg7kug5pvdago6thh3; dataface\_\_lang=en; PHPSESSID=bii5d02vrhliajq3qiu8asobn5

HTTP/1.1 200 OK
Date: Tue, 10 Jan 2012 09:54:50 GMT
Server: Apache/2.2.17 (Ubuntu) PHP/5.3.5-1ubuntu7.3 with Suhosin-Patch
X-Powered-By: PHP/5.3.5-1ubuntu7.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: PHPSESSID=bii5d02vrhliajq3qiu8asobn5; expires=Wed, 11-Jan-2012 09:54:50 GMT; path=/
Content-disposition: attachment; filename="xxx.doc"
Content-Type: application/vnd.ms-excel; charset=binary
Content-Length: 399873

READABLE TEXT STARTS

####################
SECURE = 0
####################

GET /xxx/tables/xxx/xxx/xxx.doc HTTP/1.1
Host: xxx
User-Agent: Mozilla/5.0 (Ubuntu; X11; Linux x86\_64; rv:8.0) Gecko/20100101 Firefox/8.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,\*;q=0.7
Proxy-Connection: keep-alive
Referer: [http://xxx/index.php?-table=xxx&-action ... 3Fid%3D145](http://xxx/index.php?-table=xxx&-action=browse&-cursor=135&-skip=120&-limit=30&-mode=list&-recordid=xxx%3Fid%3D145)
Cookie: 84ed7f5888ea7637e37fe7edb158c05b=uoij0nvedg7kug5pvdago6thh3; dataface\_\_lang=en; PHPSESSID=bii5d02vrhliajq3qiu8asobn5

HTTP/1.1 200 OK
Date: Tue, 10 Jan 2012 09:58:55 GMT
Server: Apache/2.2.17 (Ubuntu) PHP/5.3.5-1ubuntu7.3 with Suhosin-Patch
Last-Modified: Tue, 10 Jan 2012 08:07:25 GMT
ETag: "d60056-61a00-4b62801682764"
Accept-Ranges: bytes
Content-Length: 399872
Content-Type: application/msword

##############################
READABLE TEXT STARTS
##############################

I can however confirm secure=1 works as it should as I have tested it in another test environment which leads me to the conclusion that the issue is local. I will figure this out and share with all.

Thanks again


shannah — Tue Jan 10, 2012 11:49 am

What version of Xataface are you using? The headers seem to be coming in a different order than the code suggests. The Content-Disposition header is the last one that is output in the code that I'm looking at here. However I can't be sure that PHP doesn't rearrange the headers itself.


sim — Tue Jan 10, 2012 11:31 pm

Thanks, I'll dig deeper and will share the finding.


simbioc — Fri Mar 16, 2012 3:10 am

The following solved the issue:

Added ob\_clean() at approximately line # 139 in blob.php i.e. xataface/Dataface/Application/blob.php

Just after these two lines:

header('Content-type: '.$rec->getMimetype($fieldname));
header('Content-disposition: attachment; filename="'.basename($rec->val($fieldname)).'"');
ob\_clean();

and now doc, docx etc. all render as they should. Not been able to however find an answer to why it worked with secure = 0

Thank you all


shannah — Fri Mar 16, 2012 9:40 am

Do you make any calls to ob\_start() in your application (e.g. in your index.php file)?


simbioc — Fri Mar 16, 2012 6:23 pm

No Steve, BTW Version 2 is long awaited and am really hoping it includes dynamic uploads. Thanks for all your hard work


shannah — Fri Mar 16, 2012 8:22 pm

My guess is that you must have some white space in one of your delegate classes (after a closing ?> tag or before a tag or before a <?php tag). You should try to hunt down this problem as it could cause problems elsewhere also.

As for version 2 it is still under active development. Some things are being worked out. The ajax upload widget is complete (though requires 2.0 to work). [http://xataface.com/dox/modules/ajax\_upload/latest/](http://xataface.com/dox/modules/ajax_upload/latest/)

Still don't have an exact release date for 2.0. There are a number of things that still are being finalized.
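

Added example (not part of the original thread and not Xataface code): a Python sketch of the hunt shannah recommends, flagging PHP files that emit a BOM or whitespace outside their tags, plus a check that measures what was prepended to a download, which is the one-byte gap between the 399873 and 399872 Content-Length values in the captures above. The function names and sample files are constructed for illustration, and the tag matching is a heuristic that does not parse PHP strings or comments.

```python
import os
import tempfile

BOM = b"\xef\xbb\xbf"
# Signature that every OLE2 file (legacy .doc/.xls) must carry at offset 0.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def stray_output(data):
    """Return the reasons a PHP source file would emit bytes when included."""
    if b"<?" not in data:
        return []  # no PHP tags: not a script we care about
    reasons = []
    if data.startswith(BOM):
        reasons.append("UTF-8 BOM before opening tag")
        data = data[len(BOM):]
    lead = data[:data.find(b"<?")]
    if lead and not lead.strip():
        reasons.append("whitespace before opening tag")
    last_close = data.rfind(b"?>")
    if last_close != -1:
        tail = data[last_close + 2:]
        # PHP swallows exactly one newline directly after "?>".
        for newline in (b"\r\n", b"\n", b"\r"):
            if tail.startswith(newline):
                tail = tail[len(newline):]
                break
        # Whitespace-only remainder is accidental; HTML or a reopened block is not.
        if tail and not tail.strip():
            reasons.append("whitespace after closing ?>")
    return reasons


def scan_tree(root):
    """Map relative path -> reasons for each .php file under root that leaks output."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.endswith(".php")):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                reasons = stray_output(fh.read())
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def injected_prefix(served, original):
    """Return the bytes prepended to a download, or None if it is not prefix+original."""
    extra = len(served) - len(original)
    if extra < 0 or served[extra:] != original:
        return None
    return served[:extra]


def build_sample_tree(root):
    """Write constructed delegate-style files (not taken from the thread)."""
    samples = {
        "clean.php": b"<?php\nclass A {}\n",
        "closed_ok.php": b"<?php\nclass B {}\n?>\n",
        "trailing.php": b"<?php\nclass C {}\n?>\n\n",
        "leading.php": b"\n<?php\nclass D {}\n",
        "bom.php": BOM + b"<?php\nclass E {}\n",
        "template.php": b"<html><?php echo 1; ?></html>\n",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reasons in sorted(scan_tree(tmp).items()):
            print(path, "->", ", ".join(reasons))
    doc = OLE2_MAGIC + b"\x00" * 504  # constructed stand-in for a .doc file
    served = b"\n" + doc              # body as sent when a newline leaks first
    print("prepended:", injected_prefix(served, doc))
    print("starts with OLE2 magic:", served.startswith(OLE2_MAGIC))
```

Point `scan_tree` at the application directory (delegate classes, conf files, index.php) to list candidate files; comparing a saved download against the file on disk with `injected_prefix` confirms whether the extra byte is still being emitted.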