Home > Archive > PHP Language > June 2006 > PHP-generated link to local file doesn't work when clicked on. Why?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
PHP-generated link to local file doesn't work when clicked on. Why?
|
|
| wylbur37 2006-05-26, 6:58 pm |
| I'm running an apache server on my own computer (Windows XP Pro).
I wrote a simple PHP script (called test3.php) that I'm running by
putting the following URL in the address bar of the browser (Firefox)
....
http://localhost/test3.php
The script generates the following link using the echo statement ...
<a href="file:///C:/pictures/xyz.jpg"> Picture </a>
("C:/pictures/xyz.jpg", as you can guess by now, is an image file on
my harddrive, but it's not in the document root).
When I clicked on the link, nothing happened. However, if I
RIGHT-click on it and select "Copy link location" (which copies the
URL to the clipboard) and then paste the URL into the address bar of
the browser, the picture then displays correctly.
Why did it not work when I clicked on the link the first time, but it
only worked when I pasted the link to the address bar?
Is there some special notation/syntax that I need to use to get this
to work properly?
| |
| John Dunlop 2006-05-26, 6:58 pm |
| wylbur37:
> <a href="file:///C:/pictures/xyz.jpg"> Picture </a>
I think - could be wrong - that Firefox doesn't follow file links,
however they're specified, in resources requested by HTTP. It sits and
does nothing. Dunno what other browsers do.
--
Jock
| |
| wylbur37 2006-05-26, 6:58 pm |
| John Dunlop wrote:
> wylbur37:
>
>
> I think - could be wrong - that Firefox doesn't follow file links,
> however they're specified, in resources requested by HTTP. It sits and
> does nothing. Dunno what other browsers do.
I have several webpages of HTML code, many of them containing links
to local files on my harddrive (just like the one show above),
and they work just fine when the webpage is opened explicitly
from the browser (and not passed through a local server).
| |
| robert 2006-05-26, 6:58 pm |
|
"John Dunlop" <usenet+2004@john.dunlop.name> wrote in message
news:1148655758.303245.293310@u72g2000cwu.googlegroups.com...
| wylbur37:
|
| > <a href="file:///C:/pictures/xyz.jpg"> Picture </a>
|
| I think - could be wrong - that Firefox doesn't follow file links,
| however they're specified, in resources requested by HTTP. It sits and
| does nothing. Dunno what other browsers do.
not sure about that. i'd try taking out the additional / after file before
thinking that were the case...
<a href="file://c:/picures/xyz.jpg">file system picture here if clicked</a>
| |
| robert 2006-05-26, 6:58 pm |
|
"Oli Filth" <catch@olifilth.co.uk> wrote in message
news:k2Fdg.1306$zv2.529@newsfe4-gui.ntli.net...
| John Dunlop said the following on 26/05/2006 16:02:
| > wylbur37:
| >
| >> <a href="file:///C:/pictures/xyz.jpg"> Picture </a>
| >
| > I think - could be wrong - that Firefox doesn't follow file links,
| > however they're specified, in resources requested by HTTP. It sits and
| > does nothing. Dunno what other browsers do.
|
| I'm not sure this makes any sense at all. By definition, a "file://"
| link is not an "http://" link, and so doesn't involve HTTP.
|
| As for why it doesn't work for the OP, though, I have no idea.
actually oli, iirc the rfc for href is for a URI and not specifically a
URL...where the resource could be even something as non-url as a javascript
function. but i've been wrong before and my memory is not the best.
i think this doesn't work because of the additional / after file://
| |
| robert 2006-05-26, 6:58 pm |
|
"Oli Filth" <catch@olifilth.co.uk> wrote in message
news:InFdg.192$nc.20@newsfe3-win.ntli.net...
| robert said the following on 26/05/2006 16:36:
| > "Oli Filth" <catch@olifilth.co.uk> wrote in message
| > news:k2Fdg.1306$zv2.529@newsfe4-gui.ntli.net...
| > | John Dunlop said the following on 26/05/2006 16:02:
| > | > wylbur37:
| > | >
| > | >> <a href="file:///C:/pictures/xyz.jpg"> Picture </a>
| > | >
| > | > I think - could be wrong - that Firefox doesn't follow file links,
| > | > however they're specified, in resources requested by HTTP. It sits
and
| > | > does nothing. Dunno what other browsers do.
| > |
| > | I'm not sure this makes any sense at all. By definition, a "file://"
| > | link is not an "http://" link, and so doesn't involve HTTP.
| > |
| > | As for why it doesn't work for the OP, though, I have no idea.
| >
| > actually oli, iirc the rfc for href is for a URI and not specifically a
| > URL...where the resource could be even something as non-url as a
javascript
| > function.
|
| Indeed, I'm aware of that ;) . However, I now realise that I've misread
| John's post, so ignore what I said!
there's a wink in there, oli...i know you know your stuff many times over.
that was my gentle supposition more for the op and john dunlop.
cheers.
| |
| wylbur37 2006-05-26, 6:58 pm |
| wylbur37 wrote:
> I'm running an apache server on my own computer (Windows XP Pro).
>
> I wrote a simple PHP script (called test3.php) that I'm running by
> putting the following URL in the address bar of the browser (Firefox)
>
> http://localhost/test3.php
>
> The script generates the following link using the echo statement ...
>
> <a href="file:///C:/pictures/xyz.jpg"> Picture </a>
>
> ("C:/pictures/xyz.jpg", as you can guess by now, is an image file on
> my harddrive, but it's not in the document root).
>
> When I clicked on the link, nothing happened. However, if I
> RIGHT-click on it and select "Copy link location" (which copies the
> URL to the clipboard) and then paste the URL into the address bar of
> the browser, the picture then displays correctly.
>
> Why did it not work when I clicked on the link the first time, but it
> only worked when I pasted the link to the address bar?
>
> Is there some special notation/syntax that I need to use to get this
> to work properly?
I just tried running the same script while in Internet Explorer
and it works.
But when I run it in Mozilla 1.4 (suite) or Firefox 1.5,
I get the problem described above.
Usually it's the other way around (i.e., it doesn't work in Internet
Explorer
but works in Mozilla or Firefox).
It must be because of some setting in the browser.
I wonder what it could be.
| |
| robert 2006-05-26, 6:58 pm |
| | Usually it's the other way around (i.e., it doesn't work in Internet
| Explorer
| but works in Mozilla or Firefox).
|
| It must be because of some setting in the browser.
| I wonder what it could be.
hmmm...that, or the browser/os integration. it could be security permissions
on the dir/file compounded with the fact that i.e. probably uses the
credentials of the currently logged in user...where ff may not.
just a guess though.
| |
| wylbur37 2006-05-26, 6:58 pm |
| robert wrote:
>
> ... i'd try taking out the additional / after file before
> thinking that were the case...
>
> <a href="file://c:/picures/xyz.jpg">file system picture here if clicked</a>
I removed one of the slashes from the echo statement,
but the interesting thing was that although the HTML that was
generated now shows a URL with only two slashes (as verified by
View SourceCode), when I hovered the mouse over the link, the status
bar (lower left corner of browser) shows it as having three slashes!
And when I did a Copy URL to clipboard, it had three slashes!
| |
| robert 2006-05-26, 6:58 pm |
|
"wylbur37" <wylbur37nospam@yahoo.com> wrote in message
news:1148659693.809863.238870@j33g2000cwa.googlegroups.com...
| robert wrote:
| >
| > ... i'd try taking out the additional / after file before
| > thinking that were the case...
| >
| > <a href="file://c:/picures/xyz.jpg">file system picture here if
clicked</a>
|
| I removed one of the slashes from the echo statement,
| but the interesting thing was that although the HTML that was
| generated now shows a URL with only two slashes (as verified by
| View SourceCode), when I hovered the mouse over the link, the status
| bar (lower left corner of browser) shows it as having three slashes!
| And when I did a Copy URL to clipboard, it had three slashes!
aint that something. actually, i bet it doesn't happen in ie...which could
be an indication of why it's not working in ff. have you thought of trying
to leave out the 'file://' portion out altogether? try it with
c:/pictures/xyz.jpg ... i'm curious if that will fix it. could just be a bug
in ff. in which case, you can merrily report it and get your credit for
bettering the world! ;^)
cheers
| |
| Martin Jay 2006-05-26, 6:58 pm |
| In message <1148654190.083042.204000@i40g2000cwc.googlegroups.com>,
wylbur37 <wylbur37nospam@yahoo.com> writes
>I'm running an apache server on my own computer (Windows XP Pro).
>
>I wrote a simple PHP script (called test3.php) that I'm running by
>putting the following URL in the address bar of the browser (Firefox)
>...
>
> http://localhost/test3.php
>
>The script generates the following link using the echo statement ...
>
> <a href="file:///C:/pictures/xyz.jpg"> Picture </a>
>
>("C:/pictures/xyz.jpg", as you can guess by now, is an image file on
>my harddrive, but it's not in the document root).
>
>When I clicked on the link, nothing happened.
It's disabled for security reasons.
There's more information about this at:
<http://kb.mozillazine.org/Links_to_local_pages_don't_work>
--
Martin Jay
Phone/SMS: +44 7740 191877
Fax: +44 870 915 2124
| |
| Martin Jay 2006-05-26, 6:58 pm |
| In message <gfFdg.13$G82.11@fe06.lga>, robert
<ab@no.spam-alama-ding-dong> writes
>"Oli Filth" <catch@olifilth.co.uk> wrote in message
>news:k2Fdg.1306$zv2.529@newsfe4-gui.ntli.net...
>| John Dunlop said the following on 26/05/2006 16:02:
>| > wylbur37:
>| >
>| >> <a href="file:///C:/pictures/xyz.jpg"> Picture </a>
>i think this doesn't work because of the additional / after file://
Your thinking is wrong: file:/// is correct.
--
Martin Jay
Phone/SMS: +44 7740 191877
Fax: +44 870 915 2124
| |
| robert 2006-05-26, 6:58 pm |
| "Martin Jay" <martin@spam-free.org.uk> wrote in message
news:Cpk8uRcxhzdEFwRi@onenet.org.uk...
| In message <gfFdg.13$G82.11@fe06.lga>, robert
| <ab@no.spam-alama-ding-dong> writes
| >"Oli Filth" <catch@olifilth.co.uk> wrote in message
| >news:k2Fdg.1306$zv2.529@newsfe4-gui.ntli.net...
| >| John Dunlop said the following on 26/05/2006 16:02:
| >| > wylbur37:
| >| >
| >| >> <a href="file:///C:/pictures/xyz.jpg"> Picture </a>
|
| >i think this doesn't work because of the additional / after file://
|
| Your thinking is wrong: file:/// is correct.
didn't say that WAS the reason it didn't work. you start with what looks
most obvious...and '///' isn't typical uri naming conventionality.
but you do what you can to try and "right" yourself.
lol
| |
| wylbur37 2006-05-31, 7:00 pm |
| Martin Jay wrote:
> wylbur37 <wylbur37nospam@yahoo.com> writes
>
> It's disabled for security reasons.
>
> There's more information about this at:
> <http://kb.mozillazine.org/Links_to_local_pages_don't_work>
What's the use of Mozilla/Firefox refusing to honor links to local
files "for security reasons" when any website can still access
a user's files anyway by means of a PHP script?
| |
| Martin Jay 2006-05-31, 7:00 pm |
| In message <1149101295.601620.259980@c74g2000cwc.googlegroups.com>,
wylbur37 <wylbur37nospam@yahoo.com> writes
>Martin Jay wrote:
>
>What's the use of Mozilla/Firefox refusing to honor links to local
>files "for security reasons" when any website can still access
>a user's files anyway by means of a PHP script?
I don't understand what you mean. Can you give an example of a PHP
script, running on a server, being able to access files on a user's
(client) machine?
--
Martin Jay
Phone/SMS: +44 7740 191877
Fax: +44 870 915 2124
| |
| wylbur37 2006-06-01, 3:58 am |
| Martin Jay wrote:
> In message <1149101295.601620.259980@c74g2000cwc.googlegroups.com>,
> wylbur37 <wylbur37nospam@yahoo.com> writes
>
> I don't understand what you mean. Can you give an example of a PHP
> script, running on a server, being able to access files on a user's
> (client) machine?
In my original posting, when I described running a PHP script called
test3.php on my localhost apache server (where the server and the
client are on the same physical computer), I could also include code
that reads and writes to the c: drive, so I assumed that if that same
script were installed on a physically remote server, it would also be
able to read and write to the C: drive of my computer if I were to
visit the webpage with that PHP script.
But now I realize that if that were the case, the C: drive that would
be accessed would be the one on the *server's* computer and not *my*
computer. Is that correct?
By the way, the informative webpage mentioned
(http://kb.mozillazine.org/Links_to_local_pages_don't_work)
said that ...
For security purposes, Firefox and Mozilla Suite block links to
local files (and directories) from remote files. This includes
linking to files on your hard drive, on mapped network drives, and
accessible via UNC paths. This prevents a number of unpleasant
possibilities, including:
* Allowing sites to detect your operating system by checking
default installation paths
* Allowing sites to exploit system vulnerabilities (e.g.,
C:\con\con in Windows 95/98)
* Allowing sites to detect browser preferences or read sensitive
data
Could someone explain how the above three "unpleasant possibilities"
could actually happen?
| |
| Martin Jay 2006-06-02, 6:59 pm |
| In message <1149143755.573486.319380@j55g2000cwa.googlegroups.com>,
wylbur37 <wylbur37nospam@yahoo.com> writes
>Martin Jay wrote:
[color=darkred]
>In my original posting, when I described running a PHP script called
>test3.php on my localhost apache server (where the server and the
>client are on the same physical computer), I could also include code
>that reads and writes to the c: drive, so I assumed that if that same
>script were installed on a physically remote server, it would also be
>able to read and write to the C: drive of my computer if I were to
>visit the webpage with that PHP script.
>But now I realize that if that were the case, the C: drive that would
>be accessed would be the one on the *server's* computer and not *my*
>computer. Is that correct?
Ah, yes. I think I understand now.
And yes, a PHP script accessing a file on the drive would look on the
server and not on the client's drive.
>By the way, the informative webpage mentioned
>(http://kb.mozillazine.org/Links_to_local_pages_don't_work)
>said that ...
>
> For security purposes, Firefox and Mozilla Suite block links to
> local files (and directories) from remote files. This includes
> linking to files on your hard drive, on mapped network drives, and
> accessible via UNC paths. This prevents a number of unpleasant
> possibilities, including:
>
> * Allowing sites to detect your operating system by checking
> default installation paths
> * Allowing sites to exploit system vulnerabilities (e.g.,
> C:\con\con in Windows 95/98)
> * Allowing sites to detect browser preferences or read sensitive
> data
>
>Could someone explain how the above three "unpleasant possibilities"
>could actually happen?
I'm not a security expert, so I'll leave this for someone with more
knowledge about the matter to provide details. There is some
information about C:\con\con at
<http://everything2.com/index.pl?node_id=83247>. Or you might get an
explanation in one of the security newsgroups.
--
Martin Jay
Phone/SMS: +44 7740 191877
Fax: +44 870 915 2124
|
|
|
|
|