Published: Sunday, August 06, 2000
How the "Print this Page" Script Works, Part 2
Read Part 1
In Part 1 we looked at what was needed to get the PrintPage.asp
script to work to display a truly printer-friendly format. In this part we'll look two shortcomings of the
system and examine the source code to the PrintPage.asp script!
First off, the shortcoming. Since the printer-friendly format exists in a directory separate from the articles
(the PrintPage.asp format on 4Guys is in the /ASPScripts directory while articles,
FAQs, SQLGuru questions, and other information are in the /webtech, /webtech/faq,
/webtech/sqlguru and others),
it is essential that all the hyperlinks in the articles are non-relative.
Non-relative URLs are those that are not dependent upon the location of the current ASP page; URLs beginning
with http://ServerName/ArticleURL or /DirectoryName/ArticleURL
are non-relative. Relative URLs are ones like ArticleURL.
If relative URLs are used, in the printer-friendly rendition the hyperlinks will be broken. For example,
if in an article I have the following hyperlink:
<A HREF="092298-3.shtml">
Using the Request.ServerVariables Object
</A>
|
Then in the printer-friendly format, if someone clicks on the hyperlink, they will be taken to:
/ASPScripts/092298-3.shtml, which doesn't exist and will return a 404. How annyoing!
Therefore, I make certain to use non-relative URLs in all of the articles. For example, the above hyperlink
would be recoded to read:
<A HREF="/webtech/092298-3.shtml">
Using the Request.ServerVariables Object
</A>
|
That /webtech/ before the article URL ensures that the printer-friendly format will not produce
dead (or erroneous) links.
The PrintPage.asp script was designed for simplicity... yes, modifications could be made so that
it checked for hyperlinks and fixed relative URLs. If you would like to add such functionality, I heartily invite you
to (and hope you would share your results and script with 4Guys)!
|
A second shortcoming that merits great warning is the fact that with the PrintPage.asp any
clever person could view the source to your ASP scripts! For instance, imagine that the user entered the
following URL into their browser: http://www.4GuysFromRolla.com/ASPScripts/PrintPage.asp?REF=/ASPScripts/search.asp,
they could view the source to the our Search Engine (they would need to do View/Source once they entered this URL).
Therefore, in the PrintPage.asp script a line of code ensures that users only view printer-friendly
versions of articles form the /webtech/ directory of one of its subdirectories. Furthermore, an even
cleverer person could enter: http://www.4GuysFromRolla.com/ASPScripts/PrintPage.asp?REF=/webtech/../ASPScripts/search.asp,
bypassing just the check for /webtech in the referring string. Therefore a check is also made to
ensure that there are no .. in the referring string. (Thanks to Rick S. for pointing this one out...)
Now has come the time to view the source for PrintPage.asp (finally!). Upon inspection I think you'll agree that
it is quite simple (it was that way be design!). Without further fuss, here is the code!
Happy Programming!
<%@ Language=VBScript %>
<% Option Explicit %>
<HTML>
<HEAD>
<TITLE>
4GuysFromRolla.com Article
</TITLE>
</HEAD>
<BODY>
<CENTER>
<TABLE WIDTH=90% BORDER=2 CELLSPACING=1 BGCOLOR=WHITE>
<TR><TD ALIGN=CENTER>
<FONT SIZE=3><I>
This article was brought to you by 4GuysFromRolla.com!
When you think ASP, think 4GuysFromRolla.com!<BR>
http://www.4GuysFromRolla.com
</FONT></I>
</TD></TR>
</TABLE>
</CENTER>
<P>
<%
Const ForReading = 1
Dim strReferrer, objFSO, objOpenFile, strLine
strReferrer = Request.QueryString("REF")
If Len(strReferrer) < 1 then
strReferrer = Request.ServerVariables("HTTP_REFERER")
If Len(strReferrer) < 1 then
Response.Write "Egad! An Error occurred! We could not" & _
" determine what page you wanted to view the source for..."
Response.End
Else
'With the HTTP_REFERER, the entire URL is passed along... we
'need to hack out the http://www.4guysfromrolla.com part
strReferrer = Right(strReferrer,len(strReferrer)-7)
strReferrer = Right(strReferrer,len(strReferrer) - _
instr(1,strReferrer,"/")+1)
End If
End If
'Make sure the user isn't trying to view ASP source
'(You should alter this below statement to make sure that the
' reader is trying to view an article in the proper directory.
' If you do not care where the user views the articles from,
' simply remove the If statement altogether...)
If InStr(1,UCase(strReferrer),"/WEBTECH/") = 0 OR _
InStr(1,strReferrer,"..") <> 0 then
'Shame on you, trying to view a page you're not suppose to...
Response.Write "Only pages in the /webtech/" & _
" directory may be viewed in printer-friendly format..."
Response.End
End If
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
Set objOpenFile = objFSO.OpenTextFile(Server.MapPath(strReferrer), _
ForReading)
'Output each line of the file...
Do Until objOpenFile.AtEndOfStream
strLine = objOpenFile.ReadLine
Response.Write strLine & vbCrLf
Loop
objOpenFile.Close
Set objOpenFile = Nothing
Set objFSO = Nothing
%>
<P><HR><P><CENTER><FONT SIZE=2><I>
This article was brought to you by 4GuysFromRolla.com! When you think ASP,
think 4GuysFromRolla.com!<BR>
http://www.4GuysFromRolla.com</FONT></I></CENTER><P>
</BODY>
</HTML>
|
