Archive for October, 2006

Update on the IE7 Security Flaw

According to Microsoft it doesn’t have one. Apparently, the security issue that I talked about the other day is actually in Outlook Express but can be exploited through Internet Explorer.

That’s OK then…

Advertisements

Run Internet Explorer 6 & 7 together on the same machine.

Web designers need to test their sites on a number of different browsers and one of the big gripes about IE7 is that it doesn’t allow you to leave IE6 on your machine when you install it. The same is true for IE6 and IE5.5, IE5 etc…

Well, here’s how you do it.

UPDATE: After writing this post I realised that the method below is fraught with problems not least of which is the fact that whilst it looks like IE6 I think it is actually using the gubbins from IE7 and it is really slow and buggy anyway. I have since discovered a standalone version of IE6 that is definitely IE6 and actually works… Download it here. I have left my original post below for posterity. Apologies to those of you that wasted your time dicking around with my original instructions…

ANOTHER UPDATE:  Yousif has got an installer that ‘installs’ all previous versions of IE back to 3 as standalone applications. He also gives a couple of registry edits that affect things like conditional comments etc.
<crap>

Before installing IE7 make a copy of the installation directory of IE6 which is usually at C:/Program Files/Internet Explorer. Leave the copy in your Program Files directory and name it Internet Explorer 6 or for that matter whatever you fancy, “Dennis” for example.

After installing IE7 if you run iexplore.exe from your Internet Explorer 6 directory it will just start IE7, unless that is you follow these steps.

Create a new text file called iexplore.exe.local in your Internet Explorer 6 directory. Make sure that you have renamed it correctly and not iexplore.exe.local.txt as this, funnily enough, doesn’t work. (disable “Hide extensions for known file types” in Tools/Folder Options/View if you haven’t already.) The iexpore.exe in your v6 directory will now open up IE6…

</crap>

This is old news but I thought I’d resurrect it in light of the new release of Internet Explorer and the fact that people on the beta forums were still complaining about the lack of support for mulitple versions. It obviously isn’t old news to them.

There are a number of sites detailing how to run IE7 in standalone mode leaving IE6 as it is but I think that is a bit arse about face. You want to install IE7 and have the old version(s) in buggy standalone mode surely…

This works with previous versions of IE which Peter-Paul Koch has kindly hosted for you here along with a list of issues when using this technique.

Generic Methods… Now there’s a thing

Like the rest of the .NET world I have been soaking up the classes in the System.Collections.Generic namespace which have saved me a shed load of lines of custom collection code.

The other day I was writing some CodeSmith templates and needed a class to represent a property that could be hydrated from an XmlNode. And thus I began…

private XmlNode _propNode; 

public string Name 

{ 

    get 

    { 

        string attName = "name"; 

        //check the attribute exists 

        if (_propNode.Attributes[attName] != null) 

            //it does so return it 

            return _propNode.Attributes[attName].Value; 

        //it doesn't so return an empty string 

        return string.Empty; 

    } 

}

After the first few properties I realised I needed to refactor the XmlNode reading out as I was going to have about 20 properties that did the same thing. The problem was that the Value property of the Attribute returns a string so I was going to have to do some type conversion and so would need a method for each type string, int and bool that I needed. I seemed to recall reading about Generic methods and so I investigated… As it turns out I ended up wrapping this method with a method for each type anyway but I discovered Generic methods along the way which I’d not taken advantage of before.

public void GetAttributeValue<T>(ref T attValue, 

    XmlNode nodeToParse, string attName) 

{ 

    //check the attribute exists 

    if(nodeToParse.Attributes[attName] != null) 

    { 

        //get the string value 

        string strVal = nodeToParse.Attributes[attName].Value; 

        //set the attributeValue that has  

        //been passed in by reference, casting it 

        //from an object using the Generic parameter 

        //and using its own type to perform the conversion 

        attValue = (T)Convert.ChangeType(strVal, 

            typeof(attValue)); 

        attValue = (T)Convert.ChangeType(strVal, 

            typeof(T)); 

    } 

}

You can’t specify a Generic return type so you get the value out by passing in an argument by reference. So, you call this method like so:

public bool IsPrimaryKey 

{ 

    get 

    { 

        //set your default value here 

        //that is returned if the attribute 

        //doesn't exist 

        bool returnVal = false; 

        //call the method specifying the type 

        GetAttributeValue<bool>(ref returnVal, 

            _propNode, "isPrimaryKey"); 

        return returnVal; 

    } 

}

This allowed me to use the same method for all of the types of parameter I wanted to fill from the XmlNode’s attributes.

In the end this didn’t save me a great deal of code from doing it without using Generics and I still ended up casting the return value from an object so there would be no performance benefit either (not that performance was an issue here) but it is definitely an interesting language feature that I am sure I will find more uses for…

Internet Explorer 7 Vulnerability

IE 7 was released today and within seconds there was a vulnerability released by Secunia. There are two sides to this…

First, heads are going to roll at Microsoft I would have thought because of all of the ‘we waited forever to get all of this out of the door to make sure it was secure’ hype we have had from them for a while. The last thing they need prior to the release of Vista, which incidentally does not suffer the vulnerability with IE7, is what will undoubtedly become a high profile vulnerability on the day IE7 shipped.

The other side, which makes me sick in some ways… I would bet my left teste that Secunia knew about this vulnerability during the beta and yet, rather than disclose it to Microsoft, as technically they should if they were using the beta, they waited until minutes after the release was announced to tell the world. What does Secunia stand to gain in undermining Microsoft’s security reputation, like it needed undermining in the first place.

I don’t know… You tell me.

ActualAl Rides Again…

Bit of a tangent from my usual guff but if you are a fan of music on the Internet ActualAl has resurrected his blog following a parental hiatus and is once again scouring the web on your behalf.

While you wait for GDrive ‘Platypus’

Some people are wetting themselves with excitement (or at least bothering to blog) about the rumored GDrive ‘Platypus’ client that seems to be being used internally within Google.

The consensus is this isn’t coming anytime soon but if you fancy a bit of free online storage have a look at the GMail Drive Shell Extension which will give you another drive that uses your GMail account for storage.

Flash Video Files (.flv) and IIS

I spent the afternoon scratching my head after moving some Flash video files from my dev machine up to the web. Being essentially multi-threaded I did do some other stuff as well so it probably wasn’t as big of a problem as I am making out. Anyway…

I uploaded the files and then the viewer application thing couldn’t access them. Within the application I was switching the source of the player by replacing its HTML in the DOM using JavaScript and thus changing the videos, at least it was supposed to. (My recent discovery of the Scriptaculous/Prototype libraries made this a joy by the way.) Because of this being a bit fancy I spent quite a while blaming that and meddling with it to no avail.

I eventually had an epiphany and checked the MIME types on the server. The gist of these is that IIS only serves files that it has a MIME type for which it matches to the file extension.

By default, .flv isn’t there and thus IIS doesn’t serve the file.

To remedy this:

  • Go to the site in question in the IIS snap-in
  • Right click and open the properties for the site
  • Go to the HTTP Headers tab
  • At the bottom of said tab is a ‘MIME Types’ button which you’ll be wanting to click at this stage
  • Add a new type with the file extension .flv and the MIME type of video/x-flv.
  • Press however many ‘Yes’, ‘Apply’, ‘Finish’ or ‘OK’ buttons you need to get rid of it all…

And voila… You should be in business.