<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hmm, it seems like index.php is not what it should be...<br>
<br>
Around lines 150 - 160 are a couple of lines drawing the buttons.
These used to be img tags, and are now button tags.<br>
<br>
The enabling used to work through changing the image in
display_screen.js, and now I change the css class .<br>
<br>
Can you check whether you have the correct index.php in place?<br>
<br>
Tom<br>
<br>
<br>
<div class="moz-cite-prefix">Op 25-3-2013 19:01, Ron Mitchell
schreef:<br>
</div>
<blockquote cite="mid:039601ce2982$c96faeb0$5c4f0c10$@co.uk"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi Tom<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">yes you are
using the correct install but I reverted the code back to a
previous working version just to confirm that it is a recent
update that has cause that particular problem and sure
enough the buttons were working ok again.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">At the moment
the install is back to R734 so includes your updates + Johns
and has the button state problem.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Cheers<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Ron<o:p></o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
name="_MailEndCompose"><span style="color:#1F497D"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk">xerte-dev-bounces@lists.nottingham.ac.uk</a>
[<a class="moz-txt-link-freetext" href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</a>] <b>On
Behalf Of </b>Tom Reijnders<br>
<b>Sent:</b> 25 March 2013 17:50<br>
<b>To:</b> For Xerte technical developers<br>
<b>Subject:</b> [Xerte-dev] Re: SECURITY PATCH for
upload.php<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">If the buttons
don't refresh properly, it is due to my changes with the
buttons.<br>
<br>
I replaced all image buttons by html buttons. That should be
in SVN 727, but I can see it's not in this one (the links
should be buttons as well as shown below.<br>
<br>
Am I using the correct jsic xot?<br>
<br>
Tom<br>
<br>
<img id="_x0000_i1025"
src="cid:part2.05010809.01040301@tor.nl" height="641"
width="630"><br>
<img id="_x0000_i1026"
src="cid:part3.09080702.08030909@tor.nl" height="641"
width="630"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">Op 25-3-2013 18:09, Ron Mitchell schreef:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoPlainText">Hi John<o:p></o:p></p>
<p class="MsoPlainText">I've just updated the Techdis /xot
install to R734 which obviously uses Moodle authentication
and uploading via a graphics and sound page seems to work
fine now whereas as you know it didn't before.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">However I'm not sure whether it's due
to your update or the recent update by others but I notice
that there's now no state change on the workspace buttons
when a project is selected e.g. they still work but remain
greyed out<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"><img id="Picture_x0020_1"
src="cid:part4.09010402.00040307@tor.nl" height="156"
width="487"><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">HTH<o:p></o:p></p>
<p class="MsoPlainText">Ron<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"><span lang="EN-US">-----Original
Message-----<br>
From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk">xerte-dev-bounces@lists.nottingham.ac.uk</a>
[<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</a>]
On Behalf Of Smith, John<br>
Sent: 25 March 2013 16:02<br>
To: For Xerte technical developers<br>
Subject: [Xerte-dev] Re: SECURITY PATCH for upload.php</span><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Hi all,<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Sorry it's been a while getting to
this again but I seem to have made some headway.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">I've been able to figure out how to
jump start the Moodle session also in upload.php and it has
worked in my tests but would love to see how it fares in the
real world. Would someone be able to test this for me? I've
committed changed (some to edit.php too) as R734.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Regards,<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">John Smith<o:p></o:p></p>
<p class="MsoPlainText">Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">School of Health & Life Sciences<o:p></o:p></p>
<p class="MsoPlainText">Glasgow Caledonian University<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">-----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a>
[<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">Sent: Friday, March 15, 2013 11:39 AM<o:p></o:p></p>
<p class="MsoPlainText">To: For Xerte technical developers<o:p></o:p></p>
<p class="MsoPlainText">Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Worth a try!! So we have to support
Firefox AND Moodle - there's that wagging dog again ;-)<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Leave it with me - once I get moodle
integration working I'll take a look at the moodle session
and see if we do anything...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Regards,<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">John Smith<o:p></o:p></p>
<p class="MsoPlainText">Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">School of Health & Life Sciences<o:p></o:p></p>
<p class="MsoPlainText">Glasgow Caledonian University<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">-----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a>
[<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Julian Tenney<o:p></o:p></p>
<p class="MsoPlainText">Sent: Friday, March 15, 2013 11:21 AM<o:p></o:p></p>
<p class="MsoPlainText">To: For Xerte technical developers<o:p></o:p></p>
<p class="MsoPlainText">Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">No, we have to support Firefox, but
you know that already!<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">-----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a>
[<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">Sent: 15 March 2013 10:14<o:p></o:p></p>
<p class="MsoPlainText">To: <a moz-do-not-send="true"
href="mailto:xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">True but Moodle is a red herring
here...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">The problem is Firefox - it is the
tail... If you can live without Firefox being supported,
only in the editor, then we can probably keep Moodle auth as
is...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Depends who you want to keep
happiest...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Regards<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">John Smith<o:p></o:p></p>
<p class="MsoPlainText">Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">School of Health and Life Sciences<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Sent from Samsung Galaxy SII<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Julian Tenney <<a
moz-do-not-send="true"
href="mailto:Julian.Tenney@nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Julian.Tenney@nottingham.ac.uk</span></a>>
wrote:<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Hmm. Keen not to have a 'tail wags
dog' thing here, if moodle is the problem, then I think
that's what we should fix.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">-----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a>
[<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">Sent: 15 March 2013 09:10<o:p></o:p></p>
<p class="MsoPlainText">To: <a moz-do-not-send="true"
href="mailto:xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">The way the Moodle authentication
works - its so complicated that there is no way to restart
it in upload when we are using Firefox... The upload script
as reported by Ron does work as long as we're not using
Moodle<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">As i said we can check for Moodle auth
and simply not check for session but that still leaves a
gaping hole...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Bootstrapping the upload via js
'should' allow config.php to handle the session as it does
on other pages...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Regards<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">John Smith<o:p></o:p></p>
<p class="MsoPlainText">Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">School of Health and Life Sciences<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Sent from Samsung Galaxy SII<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Julian Tenney <<a
moz-do-not-send="true"
href="mailto:Julian.Tenney@nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Julian.Tenney@nottingham.ac.uk</span></a>>
wrote:<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">So is the problem the upload script,
or the way the moodle authentication works?<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">-----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a>
[<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">Sent: 14 March 2013 16:41<o:p></o:p></p>
<p class="MsoPlainText">To: For Xerte technical developers<o:p></o:p></p>
<p class="MsoPlainText">Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Yes, Flash seems to already add
&sessionid to the end of the query string and if I take
that and use session_id(querystringsessionid) before calling
session_start() then it works...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">If I rely on the session start in
config.php then it doesn't execute if using moodle
authentication and so the session check fails...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Just thought though that I was still
checking the xerte session variable whereas if I can find a
moodle one to check then it 'might' still work...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Only problem is that I don't have a
working moodle install?!? Well I do - on a pen drive copied
from someone in Nottingham (Thomas?) but I don't know the
password to login to moodle... was there a default
password?? anyone??<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Regards,<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">John Smith<o:p></o:p></p>
<p class="MsoPlainText">Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">School of Health & Life Sciences<o:p></o:p></p>
<p class="MsoPlainText">Glasgow Caledonian University<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">-----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a>
[<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Julian Tenney<o:p></o:p></p>
<p class="MsoPlainText">Sent: Thursday, March 14, 2013 4:24 PM<o:p></o:p></p>
<p class="MsoPlainText">To: For Xerte technical developers<o:p></o:p></p>
<p class="MsoPlainText">Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Is it the case that you got it working
in all browsers EXCEPT when using moodle authentication?<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">-----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a>
[<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">Sent: 14 March 2013 16:22<o:p></o:p></p>
<p class="MsoPlainText">To: For Xerte technical developers<o:p></o:p></p>
<p class="MsoPlainText">Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">I'm sure if upload.php knows that it's
Firefox and then checks the authentication method then it
can set the passed session id IF NOT moodle but then we
might have to bypass the session check if not Moodle... not
really a solution...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">I think we might have to resort to js
though...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Regards,<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">John Smith<o:p></o:p></p>
<p class="MsoPlainText">Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">School of Health & Life Sciences<o:p></o:p></p>
<p class="MsoPlainText">Glasgow Caledonian University<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">-----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a>
[<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Julian Tenney<o:p></o:p></p>
<p class="MsoPlainText">Sent: Thursday, March 14, 2013 4:12 PM<o:p></o:p></p>
<p class="MsoPlainText">To: For Xerte technical developers<o:p></o:p></p>
<p class="MsoPlainText">Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Do you think we should take Flash out
of the picture and call some JS from the wizard swf? We can
still do some sort of progress / notification stuff I think.
All you need to pass to upload is the file's path on the
local machine, right?<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">This has got to be sortable though,
surely, but if it's gribbly and there's an alternative,
let's do that.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">-----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a>
[<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">Sent: 13 March 2013 11:30<o:p></o:p></p>
<p class="MsoPlainText">To: <a moz-do-not-send="true"
href="mailto:xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Hi Pat<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Yeah its the Firefox Flash Cookie
thing that's the real ball breaker... we are still including
config.php BUT...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">If we are in Firefox and include
config.php before setting the session id then when config
starts session we get a new session id<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Until we start session in upload.php
though we can't tell if we are in firefox or using moodle..<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">I suppose we can add some more complex
logic as you say which checks what authentication method we
are using and does whatever is required... We might need to
indicate from flash though what browser we are using
otherwise we might still miss one of the option - Using
Firefox with moodle authentication i think cannot be
detected at present...<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Regards<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">John Smith<o:p></o:p></p>
<p class="MsoPlainText">Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">School of Health and Life Sciences<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Sent from Samsung Galaxy SII<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">"Pat @ Pgogy" <<a
moz-do-not-send="true"
href="mailto:xerte@pgogywebstuff.com"><span
style="color:windowtext;text-decoration:none">xerte@pgogywebstuff.com</span></a>>
wrote:<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Try including config.php or doing a
MySQL select db back to the xerte db, that fixed most of the
moodle problems before<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Pgogy Webstuff - <a
moz-do-not-send="true" href="http://www.pgogywebstuff.com"><span
style="color:windowtext;text-decoration:none">http://www.pgogywebstuff.com</span></a>
Makers of web things of a fair to middling quality<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">On 12 Mar 2013, at 21:20, "Smith,
John" <<a moz-do-not-send="true"
href="mailto:J.J.Smith@gcu.ac.uk"><span
style="color:windowtext;text-decoration:none">J.J.Smith@gcu.ac.uk</span></a>>
wrote:<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">> Hi Ron,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Hmmm there is some session
restart code although it should be restarting the same
session as the session id is being passed from Flash... I
wonder why it's killing Moodle session though and none of
the others... very strange - i'll revert the changes back
while we investigate...damn though we had almost cracked
it...<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Regards,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> John Smith | Learning
Technologist<o:p></o:p></p>
<p class="MsoPlainText">> Room A251, Govan Mbeki Building |
School of Health & Life Sciences | <o:p></o:p></p>
<p class="MsoPlainText">> Glasgow Caledonian University
Cowcaddens Road | Glasgow | G4 0BA <o:p></o:p></p>
<p class="MsoPlainText">>
________________________________________<o:p></o:p></p>
<p class="MsoPlainText">> From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">> [<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk">xerte-dev-bounces@lists.nottingham.ac.uk</a>]
On Behalf Of Ron Mitchell <o:p></o:p></p>
<p class="MsoPlainText">> [<a moz-do-not-send="true"
href="mailto:ronm@mitchellmedia.co.uk">ronm@mitchellmedia.co.uk</a>]<o:p></o:p></p>
<p class="MsoPlainText">> Sent: 12 March 2013 20:31<o:p></o:p></p>
<p class="MsoPlainText">> To: 'For Xerte technical
developers'<o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Hi John<o:p></o:p></p>
<p class="MsoPlainText">> I tested further and the issue
only seems to occur with Moodle authentication enabled.
Uploading works fine with guest authentication and static
authentication I can't easily test LDAP authentication.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> So I guess this is either session
related or a js clash?<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Have you added any session start
code that's perhaps killing the Moodle session? You have
access to the /xot install to check js via console etc and
I've set it back to use Moodle authentication so at the
moment it's easy to replicate the issue.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> I know this probably going to
raise the old chestnut about Moodle integration etc but
obviously all worked fine prior to the recent changes and
does when reverting back too.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Cheers<o:p></o:p></p>
<p class="MsoPlainText">> Ron<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">> [<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Ron <o:p></o:p></p>
<p class="MsoPlainText">> Mitchell<o:p></o:p></p>
<p class="MsoPlainText">> Sent: 12 March 2013 20:17<o:p></o:p></p>
<p class="MsoPlainText">> To: 'For Xerte technical
developers'<o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Hi John<o:p></o:p></p>
<p class="MsoPlainText">> Alistair reported that it was
happening with Chrome and IE. I'm not sure what browser
Simon was using but I tested via IE9 and was able to
reproduce. But...<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> I'm almost hesitant to mention
this...<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> I'd updated my own install which
worked fine so I started thinking about what the differences
are and apart from server differences a key difference is
that the Techdis installs are using Moodle for
authentication. I switched the xot install to guest and
still got the problem. I then removed the integration path
via management, logged back in and was able to upload ok. I
then switched back to Moodle authentication and put the
integration path back in and was still able to upload. So
intermittent results at the moment but it does seem like it
could be session related. I'm only online until about 9pm
tonight but will test further and again in the morning.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Cheers<o:p></o:p></p>
<p class="MsoPlainText">> Ron<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">> [<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Smith, <o:p></o:p></p>
<p class="MsoPlainText">> John<o:p></o:p></p>
<p class="MsoPlainText">> Sent: 12 March 2013 19:56<o:p></o:p></p>
<p class="MsoPlainText">> To: <a moz-do-not-send="true"
href="mailto:xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Hi Ron<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Do you know if this is using
Firefox or one of the other browsers? I've tested it using
several of the models (albeit on Xampp - not sure what setup
Julian tested it on) in the 3 mainstream browsers and it's
been working fine, except for the erroneous messages which
we are still trying to figure out the best way to catch them
in Flash...<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> I'll patch one in an hour or so
and if you could try it out then it might give us a clue as
to whether its the session problem or something else...<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Regards<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> John Smith<o:p></o:p></p>
<p class="MsoPlainText">> Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">> School of Health and Life
Sciences<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Sent from Samsung Galaxy SII<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Ron Mitchell <<a
moz-do-not-send="true"
href="mailto:ronm@mitchellmedia.co.uk"><span
style="color:windowtext;text-decoration:none">ronm@mitchellmedia.co.uk</span></a>>
wrote:<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Hi<o:p></o:p></p>
<p class="MsoPlainText">> sorry been quiet for a week or so
(on holiday) but back now and updated the Techdis
installations from svn (not sandpit) and Alistair and Simon
reported issues with uploading images. I reverted one
installation back and that worked again but I've left the
latest code in the /xot test install which doesn't work.
Basically uploads seem to work ok via media & quota but
not via a graphics and sound page for instance. The image
appears to upload and an upload successful prompt appears
but the image doesn't actually upload. Any ideas?<o:p></o:p></p>
<p class="MsoPlainText">> Ron<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> From: <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">> [<a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]
On Behalf Of Julian <o:p></o:p></p>
<p class="MsoPlainText">> Tenney<o:p></o:p></p>
<p class="MsoPlainText">> Sent: 11 March 2013 16:18<o:p></o:p></p>
<p class="MsoPlainText">> To: For Xerte technical
developers<o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> There's no more detail: here's a
screenshot showing the code and the relevant events to the
left. onComplete means 'successfully uploaded', so the
answer will lie in the upload.php and whether, if uploading
fails, it's reflected back in the Flash stuff.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> I've added some alerts for now so
you can see what gets tripped, we <o:p></o:p></p>
<p class="MsoPlainText">> can take these out later, and
I’ve commited the wizard with these in ,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> listener.onComplete = function(<a
moz-do-not-send="true" href="file:///%5C%5CFileReference">file:FileReference</a>):Void
{<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Alert.show("Upload
successful");<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> --etc--<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> }<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> listener.onHTTPError = function(<a
moz-do-not-send="true" href="file:///%5C%5CFileReference">file:FileReference</a>):Void
{<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Alert.show("Upload failed:
HTTPError");<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> --etc--<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> }<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> listener.onIOError = function(<a
moz-do-not-send="true" href="file:///%5C%5CFileReference">file:FileReference</a>):Void
{<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Alert.show("Upload failed:
IOError");<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> --etc--<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> }<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> listener.onSecurityError =
function(<a moz-do-not-send="true"
href="file:///%5C%5CFileReference">file:FileReference</a>,
<o:p></o:p></p>
<p class="MsoPlainText">> errorString:String):Void {<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Alert.show("Upload failed:
Security Error");<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> --etc--<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> }<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> From:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk%3cmailto:xerte-dev-bounces@list"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk<mailto:xerte-dev-bounces@list</span></a><o:p></o:p></p>
<p class="MsoPlainText">> s.nottingham.ac.uk> [<a
moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]<o:p></o:p></p>
<p class="MsoPlainText">> On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">> Sent: 11 March 2013 15:42<o:p></o:p></p>
<p class="MsoPlainText">> To: For Xerte technical
developers<o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Are you using FileReference
class? This code snippet suggests you can <o:p></o:p></p>
<p class="MsoPlainText">> extract data from the DataEvent
object in the UPLOAD_COMPLETE_DATA <o:p></o:p></p>
<p class="MsoPlainText">> with var strData:String =
StringUtil.trim(evt.data);<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> private function init():void {<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> fileRef = new
FileReference();<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">>
fileRef.addEventListener(Event.SELECT, fileRef_select);<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">>
fileRef.addEventListener(Event.COMPLETE,<o:p></o:p></p>
<p class="MsoPlainText">> fileRef_complete);<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">>
fileRef.addEventListener(IOErrorEvent.IO_ERROR,<o:p></o:p></p>
<p class="MsoPlainText">> fileRef_ioError);<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">>
fileRef.addEventListener(DataEvent.UPLOAD_COMPLETE_DATA,<o:p></o:p></p>
<p class="MsoPlainText">> fileRef_uploadCompleteData);<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> urlReq = new
URLRequest();<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> urlReq.url =<o:p></o:p></p>
<p class="MsoPlainText">> "<a moz-do-not-send="true"
href="http://localhost:8300/fileref/uploader.cfm"><span
style="color:windowtext;text-decoration:none">http://localhost:8300/fileref/uploader.cfm</span></a>";<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> }<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> private function<o:p></o:p></p>
<p class="MsoPlainText">>
fileRef_uploadCompleteData(evt:DataEvent):void {<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> var strData:String
= StringUtil.trim(evt.data);<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> var
vars:URLVariables = new URLVariables(strData);<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">>
Alert.show(vars.fileName, "fileName");<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> }<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Regards,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> John Smith<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> School of Health & Life
Sciences<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Glasgow Caledonian University<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> From:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk%3cmailto:xerte-dev-bounces@list"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk<mailto:xerte-dev-bounces@list</span></a><o:p></o:p></p>
<p class="MsoPlainText">> s.nottingham.ac.uk> [<a
moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]<o:p></o:p></p>
<p class="MsoPlainText">> On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Sent: Monday, March 11, 2013 3:19
PM<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> To: For Xerte technical
developers<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Yeah it should because the upload
page completes... you could try sticking a number in the
exit function for the blacklist and see if you can get the
number, exit(5); for example...<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> At least the session bit seems to
work... I've taken out all the whitelist code and mimetype
stuff just now but I have another upload file I'm working on
which attempts to detect the mimetype using several
techniques contained in drupal and wordpress modules - will
let you know if it pans out...<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Regards,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> John Smith<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> School of Health & Life
Sciences<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Glasgow Caledonian University<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> From:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk%3cmailto:xerte-dev-bounces@list"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk<mailto:xerte-dev-bounces@list</span></a><o:p></o:p></p>
<p class="MsoPlainText">> s.nottingham.ac.uk> [<a
moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]<o:p></o:p></p>
<p class="MsoPlainText">> On Behalf Of Julian Tenney<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Sent: Monday, March 11, 2013 2:32
PM<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> To: For Xerte technical
developers<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> If I try and upload php files,
onComplete still fires...<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> From:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk%3cmailto:xerte-dev-bounces@list"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk<mailto:xerte-dev-bounces@list</span></a><o:p></o:p></p>
<p class="MsoPlainText">> s.nottingham.ac.uk> [<a
moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]<o:p></o:p></p>
<p class="MsoPlainText">> On Behalf Of Julian Tenney<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Sent: 11 March 2013 14:27<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> To: For Xerte technical
developers<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Hold on, I'll see if I can get
the events to trip,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> From:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk%3cmailto:xerte-dev-bounces@list"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk<mailto:xerte-dev-bounces@list</span></a><o:p></o:p></p>
<p class="MsoPlainText">> s.nottingham.ac.uk> [<a
moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]<o:p></o:p></p>
<p class="MsoPlainText">> On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Sent: 11 March 2013 14:20<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> To: For Xerte technical
developers<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Yeah, it’s the Flash end...
didn't seem to be doing anything no matter the content of
the php PRINT statements so I just removed them for
brevity... They were all in English anyway...<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Regards,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> John Smith<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> School of Health & Life
Sciences<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Glasgow Caledonian University<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> From:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk%3cmailto:xerte-dev-bounces@list"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk<mailto:xerte-dev-bounces@list</span></a><o:p></o:p></p>
<p class="MsoPlainText">> s.nottingham.ac.uk> [<a
moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]<o:p></o:p></p>
<p class="MsoPlainText">> On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Sent: Monday, March 11, 2013 1:57
PM<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> To: For Xerte technical
developers<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> No way to receive whether the
upload was successful or not?<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Regards,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> John Smith<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> School of Health & Life
Sciences<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Glasgow Caledonian University<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> From:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk%3cmailto:xerte-dev-bounces@list"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk<mailto:xerte-dev-bounces@list</span></a><o:p></o:p></p>
<p class="MsoPlainText">> s.nottingham.ac.uk> [<a
moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]<o:p></o:p></p>
<p class="MsoPlainText">> On Behalf Of Julian Tenney<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Sent: Monday, March 11, 2013 1:48
PM<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> To: For Xerte technical
developers<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> I'm not sure you can do much with
that class, it's just a black box.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> From:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk%3cmailto:xerte-dev-bounces@list"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk<mailto:xerte-dev-bounces@list</span></a><o:p></o:p></p>
<p class="MsoPlainText">> s.nottingham.ac.uk> [<a
moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]<o:p></o:p></p>
<p class="MsoPlainText">> On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Sent: 11 March 2013 13:33<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> To: For Xerte technical
developers<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Perhaps it should just feedback
error codes, and the flash class translates them...<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Regards,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> John Smith<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Learning Technologist<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> School of Health & Life
Sciences<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Glasgow Caledonian University<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> From:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk%3cmailto:xerte-dev-bounces@list"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk<mailto:xerte-dev-bounces@list</span></a><o:p></o:p></p>
<p class="MsoPlainText">> s.nottingham.ac.uk> [<a
moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]<o:p></o:p></p>
<p class="MsoPlainText">> On Behalf Of Julian Tenney<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Sent: Monday, March 11, 2013 1:21
PM<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> To: For Xerte technical
developers<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> NO, I forget the details but
there is a flash player class that does the upload thing.
I'll give it a whirl.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> From:<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk%3cmailto:xerte-dev-bounces@list"><span
style="color:windowtext;text-decoration:none">xerte-dev-bounces@lists.nottingham.ac.uk<mailto:xerte-dev-bounces@list</span></a><o:p></o:p></p>
<p class="MsoPlainText">> s.nottingham.ac.uk> [<a
moz-do-not-send="true"
href="mailto:xerte-dev-bounces@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">mailto:xerte-dev-bounces@lists.nottingham.ac.uk</span></a>]<o:p></o:p></p>
<p class="MsoPlainText">> On Behalf Of Smith, John<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Sent: 11 March 2013 12:45<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> To: For Xerte technical
developers<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Xerte-dev] Re: SECURITY
PATCH for upload.php<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Hi Julian, give that a try...
Does the flash editor do anything with the returned/echoed
text? I've taken them out because they didn't seem to be
doing anything in the Flash end and they could give hints to
a hacker as to why their attempt was quashed...<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Glasgow Caledonian University is
a registered Scottish charity, number<o:p></o:p></p>
<p class="MsoPlainText">> SC021474<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Winner: Times Higher Education’s
Widening Participation Initiative of the Year 2009 and
Herald Society’s Education Initiative of the Year 2009.<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6</span></a><o:p></o:p></p>
<p class="MsoPlainText">> 219,en.html<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Winner: Times Higher Education’s
Outstanding Support for Early Career Researchers of the Year
2010, GCU as a lead with Universities Scotland partners.<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,1"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,1</span></a><o:p></o:p></p>
<p class="MsoPlainText">> 5691,en.html
_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">> Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">>
_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">> Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">>
_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">> Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Glasgow Caledonian University is
a registered Scottish charity, number<o:p></o:p></p>
<p class="MsoPlainText">> SC021474<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Winner: Times Higher Education’s
Widening Participation Initiative of the Year 2009 and
Herald Society’s Education Initiative of the Year 2009.<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6</span></a><o:p></o:p></p>
<p class="MsoPlainText">> 219,en.html<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Winner: Times Higher Education’s
Outstanding Support for Early Career Researchers of the Year
2010, GCU as a lead with Universities Scotland partners.<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,1"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,1</span></a><o:p></o:p></p>
<p class="MsoPlainText">> 5691,en.html<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">>
_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">> Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText">> <a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText">> This message and any attachment
are intended solely for the addressee and may contain
confidential information. If you have received this message
in error, please send it back to me, and immediately delete
it. Please do not use, copy or disclose the information
contained in this message or in any attachment. Any views
or opinions expressed by the author of this email do not
necessarily reflect the views of the University of
Nottingham.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> This message has been checked for
viruses but the contents of an <o:p></o:p></p>
<p class="MsoPlainText">> attachment may still contain
software viruses which could damage your computer system:<o:p></o:p></p>
<p class="MsoPlainText">> you are advised to perform your
own checks. Email communications with <o:p></o:p></p>
<p class="MsoPlainText">> the University of Nottingham may
be monitored as permitted by UK legislation.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Glasgow Caledonian University is a
registered Scottish charity, number SC021474<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Widening Participation Initiative of the Year 2009 and
Herald Society’s Education Initiative of the Year 2009.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Outstanding Support for Early Career Researchers of the Year
2010, GCU as a lead with Universities Scotland partners.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Glasgow Caledonian University is a
registered Scottish charity, number SC021474<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Widening Participation Initiative of the Year 2009 and
Herald Society’s Education Initiative of the Year 2009.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Outstanding Support for Early Career Researchers of the Year
2010, GCU as a lead with Universities Scotland partners.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Glasgow Caledonian University is a
registered Scottish charity, number SC021474<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Widening Participation Initiative of the Year 2009 and
Herald Society’s Education Initiative of the Year 2009.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Outstanding Support for Early Career Researchers of the Year
2010, GCU as a lead with Universities Scotland partners.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Glasgow Caledonian University is a
registered Scottish charity, number SC021474<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Widening Participation Initiative of the Year 2009 and
Herald Society’s Education Initiative of the Year 2009.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Outstanding Support for Early Career Researchers of the Year
2010, GCU as a lead with Universities Scotland partners.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Glasgow Caledonian University is a
registered Scottish charity, number SC021474<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Widening Participation Initiative of the Year 2009 and
Herald Society’s Education Initiative of the Year 2009.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Outstanding Support for Early Career Researchers of the Year
2010, GCU as a lead with Universities Scotland partners.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Glasgow Caledonian University is a
registered Scottish charity, number SC021474<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Widening Participation Initiative of the Year 2009 and
Herald Society’s Education Initiative of the Year 2009.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Outstanding Support for Early Career Researchers of the Year
2010, GCU as a lead with Universities Scotland partners.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Glasgow Caledonian University is a
registered Scottish charity, number SC021474<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Widening Participation Initiative of the Year 2009 and
Herald Society’s Education Initiative of the Year 2009.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Winner: Times Higher Education’s
Outstanding Support for Early Career Researchers of the Year
2010, GCU as a lead with Universities Scotland partners.<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html"><span
style="color:windowtext;text-decoration:none">http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html</span></a><o:p></o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">Xerte-dev mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="mailto:Xerte-dev@lists.nottingham.ac.uk"><span
style="color:windowtext;text-decoration:none">Xerte-dev@lists.nottingham.ac.uk</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a moz-do-not-send="true"
href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev"><span
style="color:windowtext;text-decoration:none">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</span></a><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Xerte-dev mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:Xerte-dev@lists.nottingham.ac.uk">Xerte-dev@lists.nottingham.ac.uk</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>--<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Tom Reijnders<o:p></o:p></pre>
<pre>TOR Informatica<o:p></o:p></pre>
<pre>Chopinlaan 27<o:p></o:p></pre>
<pre>5242HM Rosmalen<o:p></o:p></pre>
<pre>Tel: 073 5226191<o:p></o:p></pre>
<pre>Fax: 073 5226196<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Xerte-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Xerte-dev@lists.nottingham.ac.uk">Xerte-dev@lists.nottingham.ac.uk</a>
<a class="moz-txt-link-freetext" href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196
</pre>
</body>
</html>