Unusual IE7 behaviour

[otuatail]

I don't know if anyone has noticed this but when I upgraded to IE7 I have had unexplained entries in my database. The Web hosting company I use can't figure it out either.

I have a lot of PHP pages and afunctions.inc all pages have the following

$page = "Home"; // home is the index.php all other pages will have a diffrent name AND

StoreData($page); this function in the functions.inc writes a record for each page visited.

 

I have a documents folder on the site with 2 sample documents. These should be opened in IE7

However behind the scene IE7 seems to be opening up my homepage invisibly. This means that every time someone looks at a document, I will get an entry in the database with the page name ‘Home’

Why is this. And secondly when I tried it I got strange browser info in the database.

 

***** Microsoft Data Access Internet Publishing Provider Protocol Discovery

***** Microsoft-WebDAV-MiniRedir/5.1.2600

 

Page in question is pure html and has no php or database functionality in it.

 

If someone can open up a sample page IN IE7 and click on the IE7 back arrow. I will receive database entries.

 

http://www.des-otoole.co.uk/samples/

 

This must be some serious security hole in IE7. I went to the IE newsgroup who informed me that it was a server issue although this never happened in IE6 Netscape or Opera. As soon as I mentioned php and MySQL those nice guys on the Microsoft group ignored me.

 

Any help on this?

 

Desmond.

P.S. What hapened to the this site it went funny with MySQL errors.

 

 

[per1os]

As soon as I mentioned php and MySQL those nice guys on the Microsoft group ignored me.

 

Sounds like a micro$oft user, always ignore the open-source guys where as the open-source guys are always more than willing to help with micro$ofts problems.

 

Anyhow, are you sure your computer does not have spyware attached to it...you know windows does install spyware on user's computers. They actually got in trouble for that.

 

I would just make sure there is nothing on your side that is working behind the scenes, maybe try the site from another computer and check out the logs. Just to make sure it is an IE7 problem.

 

Also posting some code may help you get some answers. There could be a way to just block that browser info and not insert it into the database, as it seems to always be the same etc.

Hope that helps.

[Psycho]

It sounds to me as if there is something in your code which is triggering off of the browser version. If so, it would make sense that a new browser could cause problems since the code was not aware of the browser before it was created.

 

IE7 as absolutely no control over what is inserted into your database. If you are having problems, then you need to go back to the code to determine where the problem is and fix it.

[otuatail]

Anyhow, are you sure your computer does not have spyware attached to it

 

I do have spy ware add anti-virus up to date. I Contacted my Hosting provider

streamlinenet.co.uk and they did a test and I got the same results.

 

IE7 as absolutely no control over what is inserted into your database.

no but if you goto a totaly independant web bage in pure html you should not get a databes entry. IE7 has gone to my home page and caused the entry.

 

Also posting some code may help you get some answers.

No need. If you go to the pure html page http://www.des-otoole.co.uk/samples/

and right click -> view source you will have the lot. Total Nothing hidden.

Try it out and open (not download) a word document. then hit the back button.

I will in turn supply you with all your details IP etc that will have ended up in my database.

How ?

 

Please Please try it.

 

[per1os]

I am guessing it has something to do with this code

 

<?
$Browser = $_SERVER['HTTP_USER_AGENT'];
// echo($Browser);
?>

 

to how you find out my information. Another guess is you use htaccess to run some php behind the scenes but still just display the static html page.

 

Where is the code for the database entry?

[otuatail]

There is no code to a pure html web page

 

The home page (and all other PHP pages) have a variable $page. each page sets this to it's own name and can be used to store in a database.

 

The entry in the database clearly states that this entry has come as a result of ACCESS

to the home (index.php) page.

 

Here is the code for the html pure page www.des-otoole.co.uk/samples/indes.HTML

 

<HTML>

<HEAD>

<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">

<LINK rel="stylesheet" href="style.css" type="text/css">

<TITLE>Documents</TITLE>

</HEAD>

<BODY>

<div id="panel_1">

<a href="sample1.doc">sample1.doc</a><br>

<a href="sample2.doc">sample2.doc</a><br>

<br>

</div>

 

 

</BODY>

</HTML>

 

Look !  no PHP if you think this is a problem with me not closing down a bowser and opening a new one, Try it your self. This is Ok in IE6 why. Also FF Netscape Opera

 

Please try it out.

 

index.php  code

---------------

<?

// Des-otoole.co.uk Website Version 3.0.0  23-04-2007  Desmond O'Toole.

// http://poptop.hypermart.net/testindex.html Real Testimonies

// poptop43@yahoo.com

// echo phpversion();

//

// http://validator.w3.org/  Browser = W3C_Validator/1.432.2.22

//

// http://jigsaw.w3.org/css-validator/  Browser = Jigsaw/2.2.5 W3C_CSS_Validator_JFouffa/2.0

//

//IE 7 Security Issue

// Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)

//

$accept = $_SERVER["HTTP_ACCEPT"];

$user_agent = $_SERVER["HTTP_USER_AGENT"];

$accept_charset = $_SERVER["HTTP_ACCEPT_CHARSET"];

$accept_language = $_SERVER["HTTP_ACCEPT_LANGUAGE"];

$x_wap_profile = $_SERVER["HTTP_X_WAP_PROFILE"];

$profile = $_SERVER["HTTP_PROFILE"];

//

//

include ("functions.inc");

session_start();

$domain = $_SERVER['HTTP_HOST']; //des-otoole.co.uk ?

$RemoteAddress = $_SERVER['REMOTE_ADDR'];

$Browser = $_SERVER['HTTP_USER_AGENT'];

// echo("<br>" . $domain);

if(strpos($Browser, "MSIE 7.0") == true && $_SESSION['Microsoft']  == "")

{

  // header('Location: 666.php');

  // exit;

}

 

connectDB();

$sql = "SELECT * FROM `config`";

$query = mysql_query($sql) or die(mysql_error());

$rs = mysql_fetch_array($query);

$Construction = $rs['Construction'];

$Robot = $rs['Robot'];

$IP = $rs['IP'];

$dbLog = $rs['dbLog'];

$page = "Home Test";

$IsMe = IsMe($RemoteAddress , $IP);

$Atack = $RemoteAddress;

$_SESSION['Atack'] = 0;

if($Atack == "195.136.80.67" || $Robot == 'Y' && $IsMe == 'Y')

{

  $_SESSION['Atack'] = 1;

  if($IsMe != 'Y')

    StoreData($page);

 

  mailto($page);

  include('404.html');

  exit();

}

/********************/

if($Construction == 'Y' && $IsMe == 'N')

{

  header('Location: UnderConstruction.php');

  exit;

}

$Total_Hits = get_hit_counter();

$_SESSION[K9] =  isRobot($Browser);

if($Robot == 'Y')

    $_SESSION[K9] = 1;

 

$_SESSION['Event_Log'] = 'NO';

if($_GET['counter'] == "")

    $_SESSION['Event_Log'] = 'YES';

 

if($_SESSION['Event_Log'] == 'YES' && $_SESSION['current_page'] == "" && $_SESSION[K9] == 0)

    hitcounter();

 

if($_SESSION['current_page'] <> 'index.php')

{

    StoreData($page); // Only if Event_Log = 'YES' and Flag 'dbLog' = 'Y'

    if($_SESSION['K9'] == 0 || $dbLog == 'N')

      mailto($page); // if this is a Robot

}

$_SESSION['current_page'] = 'index.php';

if($_SESSION[K9] == 0)

{

?>

 

functions.inc

------------

function StoreData($Page)

{

  connectDB();

  $hit = 'N';

  if ($_SESSION['current_page'] == "")

      $hit = 'Y';

  if ($_SESSION['K9'] == "1")

      $hit = 'R';

  if ($_SESSION['Atack'] == "1")

      $hit = 'A';

 

  $sql = "SELECT * FROM `config`";

  $query = mysql_query($sql) or die(mysql_error());

  $rs = mysql_fetch_array($query);

  $do = $rs['dbLog'];

  if($_SESSION['Event_Log'] == 'YES')

  {

      $browser = $_SERVER["HTTP_USER_AGENT"];

      $stamp = time();

      $Date = date('Y-m-d',$stamp);

      $Time = date('H:i:s',$stamp);

      $IP = $_SERVER['REMOTE_ADDR'];

     

     

      $sql = "INSERT INTO `EventLog` VALUES ('','" . $stamp . "','"  . $Date . "','" . $Time . "','" .$IP . "','" . $Page . "','" . $browser . "','" . $hit . "')";

 

     

      if ($do == 'N')

      $sql = "INSERT INTO `EventLog2` VALUES ('','" . $stamp . "','"  . $Date . "','" . $Time . "','" .$IP . "','" . $Page . "','" . $browser . "','" . $hit . "')";

 

     

      $query = mysql_query ($sql);

      $result = @mysql_affected_rows($sql);

  }

}

 

 

 

[otuatail]

Ok I see what the sticking point is here. Nobody want's to test this out as I will have there IP address. As a christian you have my word that I will not reveal it on this site. My IP address is

 

**2 . *4* . 2** . *96

 

OK

[per1os]

Look !  no PHP if you think this is a problem with me not closing down a bowser and opening a new one,

 

Are you trying to sell me on something? There is php code working behind the scenes, which is what I asked for first as that is where the problem is most likely occurring.  I do not really care if you can make the browser think that it is browsing an html page, its really not that hard to do.

 

And for the record viewing the source in that sample on FF 2 this is the source code:

<?
$Browser = $_SERVER['HTTP_USER_AGENT'];
// echo($Browser);
?>
<HTML>
<HEAD>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<LINK rel="stylesheet" href="style.css" type="text/css">
<TITLE>Documents</TITLE>
</HEAD>
<BODY>
<div id="panel_1">
<a href="sample1.doc">sample1.doc</a><br>
<a href="sample2.doc">sample2.doc</a><br>
<br>
</div>

</BODY>
</HTML>

 

So somewhere you "messed up" and had php printed out with your html page.

 

As for the code, sloppy but I do not see where or why IE7 would be hitting it twice or sending another operation to the site. Is there settings in IE7 that all for this? Maybe a setting is set that should not be which would do that, I dunno.

 

Also, next time the [ code ] tags are your friend.

 

But yea other than that I am out of ideas, maybe do an ip + timestamp check, if an ip has been logged within a certain time limit do not log it in again.

 

EDIT: due to recent post

Nobody want's to test this out as I will have there IP address

 

I really doubt anyone cares. I can easily grab everyone's ip address on this forum using a custom image code on my website as an image in my sig. Give some people time to respond. 15 minutes is hardly enough time bud.

[otuatail]

Ok i understand your confusion.

I realised there was a problem and decided to cut out IE7. I used the page to add a small php to get the User agent. I forgot to remove this before I renamed the page to index.html.

The php has no database content

The database clearly showes that access to the database was from the home page at the same time

the page has had all php content removed

the page was uploaded

the computer was totaly switched off and on

the web page was looked at again

there is another entry in the database.

How can looking at a satalite html page produce a database entry from the home page (VISITED)

 

I am also confused as to how you can acces  <? ?> from FF I tried it.

[otuatail]

someone has accesed my satalite html page. and my home page (not personaly visited) with

 

Mon 04-Jun-2007  17:00:26  *6.*3*.*05.*25  Home Test

[per1os]

Do you have any type of htaccess setup on your system that would be redirecting pages? So when I call index.html it actually sends me on a tangent to another page on your site without me knowing?

 

Since you updated the index.html page I can longer see the <? portion.

 

Are you running this server off of IIS?

 

http://lists.sans.org/pipermail/list/2002-November/005958.html

 

Check out that article if you are.

 

EDIT: Just a note this was found using google:

http://www.google.com/search?hl=en&q=Microsoft-WebDAV-MiniRedir%2F5.1.2600&btnG=Search You will find much more articles there.

[otuatail]

Since you mention it I have only heard about this "htaccess " don't fully understand it. There is a sequal to this page as well.

 

"So when I call index.html" You are not calling this home page are you?

The satalite page to visit (pure HTML) is http://www.des-otoole.co.uk/samples/

 

If you were to visit my website normaly through the home page you would come across this.

 

<?

include ("functions.inc");

session_start();

$page = "Home Test";

StoreData($page);

/*

This function takes the variable and uses it in the insert, to tell me which page was viewed

each page has it's own unique name */

This means that at the same time that you viwed my samples\indes.html page ...

the home page was also accessed, causing the data to be inserted.

 

Another issue is this. If someone access this page (html only). What is this in my database

 

$Browser = "Microsoft Data Access Internet Publishing Provider Protocol Discovery"

$Browser = "Microsoft-WebDAV-MiniRedir/5.1.2600"

 

Has anyone heard of these browsers ?

 

Desmond.

 

 

 

[per1os]

Do you have frontpage installed on the server or frontpage extensions?

 

http://www.pgts.com.au/cgi-bin/psql?robot_info=5096

 

But yea, unless someone has a set answer for you your best bet is to look through that google link I posted to you above. That or just block that type of browser, you do not have to block IE7, simply the microsoft-webdav  portion.

[otuatail]

Don't have Frontpage or any of that crap. Don't have htaccess  as I don't undestand it.

Is it not possible that IE7 is not perfect and that Microsoft have never produced software withot a bug.

 

The web page http://www.des-otoole.co.uk/samples/ has not got a shead dynamic code.

If anyone uses this page, I will get a database enty curtosy of my home page with ALL

your reteavable details. THIS could be a security issue and if it is it should be investigated.

 

Recipie

Get a web server and format it.

Install unix PHP annd MySQL 5.0 (Apachie ? don't understand this)

Create a home page with index.php and a function StoreData(string) // to store data

Create a seperate functions.inc with the function in it

Create a folder called test with a html page index.html and test it out.

 

I do beleve that there is an issue here. This has been proved by a totaly independant person, that being the website provider.

 

If anyone on this website can give any reason for this behaviour.

No Front Page

No PHP

No dynamic content.

No htaccess Or what ever this is.

switch off PC and re-boot open up a fresh IE7. Problem still exsists

Use IE6 , FF 2.0 , Netscape 7.2 , Opera 9.2 No problem.

 

Come on Guys give me a break there is something wrong here. If you can give me any plausable reason why this can happen? I will make the changes for re-testing.

 

If you get a strange User_Agent like

 

***** Microsoft Data Access Internet Publishing Provider Protocol Discovery

***** Microsoft-WebDAV-MiniRedir/5.1.2600

 

Does this look like a user from Microsoft is looking at your website.

 

[Psycho]

IE7 as absolutely no control over what is inserted into your database.

no but if you goto a totaly independant web bage in pure html you should not get a databes entry. IE7 has gone to my home page and caused the entry.

 

IE7 can NOT insert an entry into your database all by itself.

 

Does IE7 know the IP/hostname of your database? No.

Does IE7 know the name of your database? No.

Does IE7 know the username/password of your database? No.

Does IE7 know the tables and fields in your database? No.

 

If you have a database you have code whihc inserts data into that database. That is where you should be looking for the problem - not IE7.

[otuatail]

You obviously have not followed this. I NEVER EVER said that IE7 has the power to insert into my database. IE7 has the power to look at websites. If You look at my home page, I will get an entry in my database. If you look at a independent website of mine which is pure HTML that is different. What is happening under this totally new bug free Microsoft IE7 is that, when you look at my totally independent HTML page with no idea of PHP , ASP MySQL , SQLServer. At the same thousandth of a second I get a visitor to my home page and a data entry from someone with a user agent

 

Microsoft-WebDAV-MiniRedir/5.1.2600

 

Get a grip guys. Did you relay think I was saying that Microsoft had developed an intelligent browser that could operate a database?

 

If there were some development code still in there, then that would be an issue.

 

Nobody here on this group can come up with a rational explanation to why a webpage (HTML) even after rebooting a PC can cause this access to my home page. IE7 did not open my database. Access to my home page did this. It did not happen under Internet Explorer 6, Firefox 2 Netscape 7 Opera 9.

 

I NEVER SAID IE7 COULD WRITE TO A DATABASE. Please look at this sensibly.

 

[per1os]

Dude no need to be rude, with that type of attitude no wonder no one wants to help you. We are only trying to figure out if we can help with the issue at hand.

 

As such, given the code it is an IE7 issue. Thus not necessary for this forum, as IE7 as nothing to do with PHP.

 

My take on what is happening:

 

Once you updated to IE7 something was installed that is this WebDAV that whenever you goto a website it sends a bot, from your computer, using this webdav engine to run through the whole site. As you say it is only IE7, I am sure Micro$oft put this in there and there is probably a setting in IE7 to disable or some type of a hack somewhere on the web.  Micro$oft as I stated before does like to infect people computers with "legitimate" spyware, this is probably one of those circumstances. They probably validate the issue by stating "We are just caching the pages for faster browsing".

 

Now I am not sure of this AT ALL, I do not use IE7. I do not even use IE, so I could be wrong, but given the code and the way it acts that is my 2 cents.

 

You are barking up the wrong tree, as this is not PHP/MySQL related.

[otuatail]

Thank you

                  frost110

 

From the very start of this thread, I was trying desperatly to hi-light a seriouse issue in Microsoft. to get a

Does IE7 know the IP/hostname of your database? No.

Does IE7 know the name of your database? No.

Does IE7 know the username/password of your database? No.

Does IE7 know the tables and fields in your database? No.

 

you must admit this did stress me out. As we are good natured inteligent software pro's on this website I felt that I needed to raise this issue as being software developers we could find ourselves at risk through this lack of microsoft security. I did originaly raise this issue on a microsoft website but as i mentioned PHP MySQL and Unix the ran a mile. That is why i felt that this problem should be hi-lighted here for all of you guys. I am sorry if I offended anyone but i did not feel that I got favourable replies as it apeared to me that i was some kind of lunatic claiming IE was inteligent. whould you do me 2 favours

1. Accept my appologies if I came across in anyway offensive (as a christion i do not want that)

2. how did you get that

<?

$Browser = $_SERVER['HTTP_USER_AGENT'];

// echo($Browser);

?>

using a web brouser

 

Desmond.

 

[per1os]

2. how did you get that

<?

$Browser = $_SERVER['HTTP_USER_AGENT'];

// echo($Browser);

?>

using a web brouser

 

There must of been a fluke in the system or the file at the time. When I first viewed the source of that system part of your site (if it was called system) that was at the top, it has since been removed and I am unable to view it anymore.

[otuatail]

I removed it after you said that it was probably the problem.

 

How can you access php code. as well as the html. If you can retrieve it as you obviously have done then anyone can do that. Scary or what.

[per1os]

I do not know if it was a glitch or not, like I said, I just viewed source with firefox and that showed up. Sounds like some type of issue with your server...

[Psycho]

Change this

 

if($_SESSION['Event_Log'] == 'YES')

 

To this:

 

if($_SESSION['Event_Log'] == 'YES'
   && $browser != 'Microsoft Data Access Internet Publishing Provider Protocol Discovery'
   && $browser != 'Microsoft-WebDAV-MiniRedir/5.1.2600')

 

And no more mysterious database entries. The fact that a browser or any other application is accessing your home page is not a security hole. Bad programming or implementation, absolutely.

 

As to your previous comments:

 

1) No need to yell

2) Many people post here don't have a clue how PHP works and and want to know why they can't run PHP within Javascript! So, when you state

IE7 has gone to my home page and caused the entry

It does appear that you are stating that IE is doing something "on it's own" and I felt some education was in order.

3) For someone who is so sure of himself, I find it odd that you say

Also posting some code may help you get some answers.

No need. If you go to the pure html page http://www.des-otoole.co.uk/samples/

and right click -> view source you will have the lot.

and then frost110 finds PHP code in your HTML.

 

You stated there was no FrontPage. Did you just mean that you did not use FrontPage to create the site? Most of the refrences I found to that behavior had to do with people with FrontPage installed

[otuatail]

Yes you are correct if I use this code problem solved.

 

if($_SESSION['Event_Log'] == 'YES'

  && $browser != 'Microsoft Data Access Internet Publishing Provider Protocol Discovery'

  && $browser != 'Microsoft-WebDAV-MiniRedir/5.1.2600')

 

However if tou are looking at a

http://www.des-otoole.co.uk/samples/index.html

 

Why am i getting in the same millisecond a hit from

http://www.des-otoole.co.uk/index.html (my home page0

with all your details IP address etc.

can you open up both of these webpages in the same instance of IE7 in

at the exact same 1/1000 of a secon ???????

 

Please tell me how you have managed to open both Simultaneously. This is cleaver.

 

You stated there was no FrontPage Did you just mean that you did not use FrontPage to create the site?

No means No. not used never had don't want. can't stand it NO

[otuatail]

Thanks to frost110 who has seen clearly that there is a microsoft problem. Having been

to there IE forums, lot's of unhappy people there over other issues. Why is mine nonsense

[per1os]

If my ip was logged in that short time, the problem is deeper than you think, because I do not use IE or IE7. I simply use Firefox 2.0.

 

Which means it is a coding and or web server issue, not a microsoft issue.