OLIVER

Version 1.01
Extension for Form-Based File Upload in HTML
Compliant with MS-ISAPI Spec V.2.0


Overview
========

   Oliver is an ISAPI Extension DLL for IIS server to accept 
   form-based file upload in HTML. The extension interprets forms 
   with the ENCTYPE="multipart/form-data" tag.

   Here are some Oliver features:

     - Redirection implementation.
     - All server upload activity logged.
     - Each uploads are tagged with a unique upload identifier.
     - You can pass a QueryString to the redirected URI.
     - Internal query 'name=value' substitution implementation.
     - Multiple Content-Disposition support.
     - Support for internal substitution of traditional CGI variables.
     - Automatic virus detection on uploaded files.
     - Automatic SMTP upload email warning service.
     - Uploaded files are prefixed for security reasons.
     - You can reject uploads depending on remote filename extension.
     - Support for long file names.
     - Support file names containing space characters.
     - Dump command to help you analyse software installation problems.


   Developed and tested with the following environment:

     - Windows NT V.4.00
     - Microsoft Peer Web Server V.3
     - Netscape V.4.04, Microsoft Internet Explorer V.4


   +============================================================+
   |   IMPORTANT WARNING IMPORTANT WARNING IMPORTANT WARNING    |
   |============================================================|
   |                                                            |
   |        --> This can be a serious security hole <--         |
   |  NEVER ALLOW UPLOADING TO YOUR WEB SERVER CGI DIRECTORY!   |
   |  NEVER ALLOW UPLOADING TO YOUR WEB SERVER CGI DIRECTORY!   |
   |  NEVER ALLOW UPLOADING TO YOUR WEB SERVER CGI DIRECTORY!   |
   |  NEVER ALLOW UPLOADING TO YOUR WEB SERVER CGI DIRECTORY!   |
   |  NEVER ALLOW UPLOADING TO YOUR WEB SERVER CGI DIRECTORY!   |
   |       --> This can be a serious security hole <--          |
   |                                                            |
   +------------------------------------------------------------+ 

   +============================================================+
   |                SHAREWARE VERSION LIMITATION                |
   |============================================================|
   |                                                            |
   | With the Shareware version of Oliver, you won't be able    |
   | to upload forms containing more than 45000 bytes of data.  |
   |                                                            |
   | > There is no upload limits with the registered version  < |
   | > There is no upload limits with the registered version  < |
   | > There is no upload limits with the registered version  < |
   |                                                            |
   +------------------------------------------------------------+ 


   For more information on form-based file upload in HTML, 
   please consult the Request For Comments, RFC#1867.



Installation
============

   There is no installation program.
   But the manual installation steps are very easy:

   1/ Copy isgt32.dll under the IIS server scripts directory.
      Ex.: copy isgt32.dll c:\Inetsrv\Scripts

   2/ Copy Oliver.ini under the Windows home directory.
      Ex.: copy Oliver.ini c:\Winnt

   3/ Edit the copied c:\winnt\Oliver.ini file to make it 
      reflect your environment configuration.

   4/ Build your redirection url's.

   5/ Test Oliver by opening the Upload.html
      file supplied with the software package.

   6/ Have Fun!



How It Works
============

     +--------+         (Data Upload)           ___________
     |        |----->---------------->-------- /           \
     |  Web   |                                |    Web    |
     | Client |                                |   Server  |
     |        |----<----------------<--------- |           |
     +--------+         (Status Page)          \___________/
                                                  |      |
                                            (Redirection)|
                                                  |     \|/ 
                                                  |      | 
                                                 /|\  (ISAPI)
                                                  |      | 
                                                  |      |
                                                ************
                                                *  OLIVER  *
                                                * Analyzer *
                                                ************


Oliver Simple Evocation
=======================

   HTML Code sample:

<FORM ENCTYPE="multipart/form-data"
      NAME="UploadForm"
      ACTION="http://your.server.address/scripts/isgt32.dll"
      METHOD=POST>
  <P>
  <INPUT NAME="filedata" TYPE="file"   SIZE="43">
  <INPUT NAME="reset"    TYPE="reset"  VALUE="Reset ">
  <INPUT NAME="submit"   TYPE="submit" VALUE="Upload">
  <P>
</FORM>



Oliver Complexe Evocation
=========================

   You can specify a query string on the Oliver Action command. 
   By doing so, oliver will append the specified query string to
   the redirection URL. There is also some Oliver internal substitution
   tags you can use to analyse and process the upload request on the
   redirection side. In the following example, the query string 
   "val1=1&val2=!OVL_LOCAL_FILENAME" will be trapped by Oliver. 
   He then will substitute !OVL_LOCAL_FILENAME by the uploaded file path,
   and will make a redirection like: 

      http://srv/path/ok.html?val1=1&val2=c:\tmp\afile


<FORM ENCTYPE="multipart/form-data"
      NAME="UploadForm"
      ACTION="http://your.server.address/scripts/isgt32.dll?val1=1&val2=!OVL_LOCAL_FILENAME"
      METHOD=POST>
  <P>
  <INPUT NAME="filedata" TYPE="file"   SIZE="43">
  <INPUT NAME="reset"    TYPE="reset"  VALUE="Reset ">
  <INPUT NAME="submit"   TYPE="submit" VALUE="Upload">
  <P>
</FORM>

   ----------------------  -------------------------------------------------  
   Tags                    Substitued By
   ----------------------  -------------------------------------------------  
   !"A_Cgi_Variable"       GetServerVariable on that value. Ex.:!REMOTE_HOST
   !OLV_LOCAL_FILENAME     Filename for the local uploaded file
   !OLV_LOCAL_FILESIZE     Uploaded file size in bytes
   !OLV_TARGET_DIRECTORY   Target upload directory
   !OLV_REMOTE_FILENAME    Client file path
   !OLV_LOG_FILENAME       Oliver log file path
   !OLV_UPLOAD_ID          Oliver Unique Upload ID Identifier

   !OLV_UPLOAD_STATUS      Oliver Request Status

                           Status Mapping
                           -------------------------------------------------
                           200.....Ok. Successful Upload
                           250.....Virus scanning done successfully
                           252.....Advise EMail successfully sent
                           900.....Unable to open data file
                           910.....Unable to malloc (not enough memory)
                           920.....No data in extension control block
                           930.....Unable to re-open data file
                           940.....File already exist
                           950.....Data file empty
                           960.....Unable to create local file
                           970.....Write disk error
                           975.....File extension rejected
                           980.....File pointer position error
                           991.....Unable to exec the virus scan command
                           999.....Unexpected error
                          13xx.....Error occurred while sending email

   A more complexe upload form would be as the following. In that case, 
   you can specify other input fields in the HTML form to request more 
   information from the uploader client. Oliver will then merge the
   query string AND the fields submitted values to the redirection
   URL as follow: (With no CR/LF)

      http://srv/path/ok.html?val1=1&val2=C:\tmp\afile
      &description=This+is+a+new+file...&username=Your+Name
      &email=you@here.com&radio1=True&session=1234567890


<FORM ENCTYPE="multipart/form-data"
      NAME="UploadForm"
      ACTION="http://your.server.address/scripts/isgt32.dll?val1=1&val2=!OVL_LOCAL_FILENAME"
      METHOD=POST>
  <INPUT NAME="filedata" TYPE="file" SIZE="43"><BR>
  Desc: <INPUT NAME="description" TYPE="text" VALUE="This is a new file..." SIZE="38"><BR>
  Name: <INPUT NAME="username" TYPE="text" VALUE="Your Name" SIZE="38"><BR>
  Mail: <INPUT NAME="email" TYPE="text" VALUE="you@here.com" SIZE="38"><BR>
  True  <INPUT TYPE="radio" NAME="radio1" VALUE="True" CHECKED> 
  False <INPUT TYPE="radio" NAME="radio1" VALUE="False"><P>
  <INPUT TYPE="hidden" NAME="session" VALUE="1234567890">
  <INPUT TYPE="reset" VALUE="Reset ">
  <INPUT TYPE="submit" VALUE="Upload">
</FORM>


Limitations
===========

 1/ Maximum number of bytes accepted for the shareware version....... 45000
 2/ Maximum number of bytes accepted for the registered version...... Unlimited
 3/ Maximum number of form inputs accepted........................... 100 pairs
 4/ Maximum lenght for redirection URI............................... 255
 5/ Maximum lenght for rediretion query string after substitution.... 16384
 6/ Maximum lenght for redirection URL (4 + 5)....................... 16639

                                                
Troubleshooting
===============

   1/ Consult the Oliver Log file.

   2/ Oliver internal commands:

      - Dump Page... http://your.server.address/scripts/isgt32.dll/dump
        (You must enable this command from the Oliver ini file)

      - About Page.. http://your.server.address/scripts/isgt32.dll/about

   3/ Contact the author.



Oliver on the Internet
======================

   Support Contact:   mailto:ssenechal@videotron.ca
   Home Page:         http://pages.infinit.net/senechal
   Phone:             (514) 647-0322 (North-East America)



Software Ch-Ch-Ch-Ch-Changes
============================

   ----------------------------------------------------------------------
   V.0.98  (December 14, 1997)         [Without the manager program]
   ----------------------------------------------------------------------
     - FAQ: Why the name "Oliver"; Cause its the name of my second child!
     - BLD: First Alpha

   ----------------------------------------------------------------------
   V.0.98a (December 16, 1997)         [Without the manager program]
   ----------------------------------------------------------------------
     - IMP: Redirection implementation.
     - FIX: Remove any hardcoded paths. All defines in the ini file.
     - FIX: Better error detection while receiving data from the client.
     - BLD: First Beta. 

   ----------------------------------------------------------------------
   V.0.98b (December 18, 1997)         [Without the manager program]
   ----------------------------------------------------------------------
     - IMP: Can now pass a QueryString to the redirected URI.
     - IMP: Dump command implementation.
     - FIX: Dump command always executed whenever the PATH_INFO.
     - IMP: Prefix customizable via the initialization file.
     - IMP: Internal name=value substitution implementation.
     - IMP: Support for substitution of traditional CGI environment.
     - IMP: Add Upload ID Identifier for internal substitution.

   ----------------------------------------------------------------------
   V.0.99 (December 21, 1997)          [Without the manager program]
   ----------------------------------------------------------------------
     - IMP: Add the associated upload ID in the Oliver log file.
     - IMP: Multiple Content-Disposition support.
     - IMP: About command implementation.
     - IMP: Add the EnableDump section.
 
   ----------------------------------------------------------------------
   V.1.00 (December 22, 1997)          [Without the manager program]
   ----------------------------------------------------------------------
     - IMP: Local File Size substitution support.
     - BLD: V.1.00 First Shareware Release.

   ----------------------------------------------------------------------
   V.1.01 (December 23, 1997)          [Without the manager program]
   ----------------------------------------------------------------------
     - FIX: Support for filename containing space characters.
     - IMP: Automatic external virus detection on uploaded files.
     - FIX: Dump data file unlink after transaction.
     - IMP: Counter index now readed from the ini file.
     - BLD: V.1.01 First Beta Release.

   ----------------------------------------------------------------------
   V.1.01 (December 27, 1997)          [Without the manager program]
   ----------------------------------------------------------------------
     - IMP: Security. Transaction accepted depending on file entension.
     - IMP: Security. SMTP warning email automation.



Known bugs
==========

   - None yet... Hmmmm!!??



Thanks
======

   I specially want to thanks:

    * Beta Tester and Motivation Source:
      Richard Lowe, Internet Consultant, Hughes Rae Ltd
      Tel: 01332 600110   mailto:R.Lowe@hughesrae.co.uk
      Fax: 01332 733244   http://www.hughesrae.co.uk

    * Julie... A 'Real' informatician wife. You know what I mean. ;^/



Registration
============

   This program is Shareware, you may evaluate it for a period of 
   no more than 30 days. After this time you must either register 
   (read REGISTER.TXT) or remove it from your system. Failure to comply 
   with this condition is a violation of the law. As you are aware, 
   authors spend numerous hours to create such programs, and this, 
   to reach your requirements.  Therefore, they need all your support. 
	 
   Please register if you use this program for longer than the trial period. 
   The run-time registration is $20 (US) or $26 (Canadian). 

   ######################################################################
   #####                                                             ####
   ##### Sources are also available. Consult the REGISTER.TXT file.  ####
   #####                                                             ####
   ######################################################################

   To register, please send your name, address, a check or money order to:

         Sylvain Senechal
         1324 Bibaud Street
         Longueuil, Quebec (Canada)
	 J4M 1G6

         Phone: (514)647-0322
         email: ssenechal@videotron.ca



Conclusion
==========

   THE REGISTRATED VERSION OF OLIVER IS NOT FREELY DISTRIBUTABLE.
   THE SHAREWARE VERSION OF OLIVER IS FREELY DISTRIBUTABLE.

   OLIVER IS SUPPLIED AS IS. THE AUTHOR DISCLAIMS ALL WARRANTIES, 
   EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE WARRANTIES 
   OF MERCHANTABILITY AND OF FITNESS FOR ANY PURPOSE. THE AUTHOR ASSUMES 
   NO LIABILITY FOR DAMAGES, DIRECT OR CONSEQUENTIAL, WHICH MAY RESULT 
   FROM THE USE OF OLIVER.
	 


Oliver V.1.01 for Windows
Copyright (C) December 1997, by Sylvain Snchal, Montral, Canada.
All rights reserved.
