[Geomoose-users] [Geomoose-developers] Open an Image

Jim Klassen Jim.Klassen at ci.stpaul.mn.us
Mon Dec 29 10:46:27 EST 2008 

And you should have a regex on $sketchName to make sure no unintended characters are present (in particular .. can be nasty). 

Alternatively, instead of PHP, you could setup apache using an appropriate set of <Directory>, Alias, and possibly RewriteRule to map the images into URL space. That way access controls/path sanitizing uses the stuff already built into apache.

>>> Dan Little <danlittle at yahoo.com> 12/29/08 9:39 AM >>>
Jay,

This type of request is really, really, really bad practice:
1) It shows the full path to the storage of all of your images.
2) That path is relative to the computer you are USING not the computer where you have the images stored.

You should really have a PHP script like the following (put it in the htdocs/php folder and name it "getSketch.php" or something intuitive):

<Xphp

$sketchName = $_REQUEST['sketch_name'];

header('Content-type: application/pdf');
readfile('c:/ms4w/apps/GeoMOOSE/htdocs/pdf/Assessing_Sketches/'.sketchName);
?>

And the hyperlink should look like this... (assuming [SKETCHNAME] is the field containing the unique ID in a mapserver template file of some sort).

<a href="php/getSketch.php?sketch_name=[SKETCHNAME]" target="photowindow">View Sketch PDF</a> 

Or if you must use the javascript windows...

<a href="javascript:window.open('php/getSketch.php?sketch_name=[SKETCHNAME]', 'photowindow', 'width=450,height=350')"> View Sketch PDF</a>




________________________________
From: Jay Kapalczynski <jkapalczynski at ci.maple-grove.mn.us>
To: "geomoose-developers at lists.sourceforge.net" <geomoose-developers at lists.sourceforge.net>; "geomoose-users at lists.sourceforge.net" <geomoose-users at lists.sourceforge.net>
Sent: Monday, December 29, 2008 9:27:09 AM
Subject: [Geomoose-users] Open an Image

 
I am having a problem here…
I have two different locations where I am storing my
imagery. As seen below with the two different paths.
I verified that the image is present in both locations, and
that the path names are correct….but for some reason I cannot get the
image in the C drive to open.  The image located in the S drive opens fine.
Can anyone see why that may be….is there some sort of
syntax issue with storing the files within the ms4w folder?
 
Not working
$p_hype2 =
"javascript:window.open('file://C:/ms4w/apps/GeoMOOSE/htdocs/pdf/Assessing_Sketches/".$p_name2."','photowindow','width=450,height=350')";
 
Working
$p_hype2 =
"javascript:window.open('file://S:/GeoImag/Assessing/Sketches/".$p_name2."','photowindow','width=450,height=350')";

More information about the Geomoose-users mailing list