/*_____________________________________________________ Name: LoadPage() Purpose: sets the location of the current window to be the URL passed to this function Param(in): UrlToReload - a valid URL _______________________________________________________ */ function LoadPage(UrlToReload) { window.location.href=UrlToReload; } /*_____________________________________________________ Name: RedirectBrowser() Purpose: sets the location of the current window to be the URL passed to this function Param(in): sUrlwCreds - a URL with credentials embedded between the protocol and host sections _______________________________________________________ */ function RedirectBrowser(sUrlwCreds) { aCurrentUrl = new ParseURL(sUrlwCreds); for (i = 1 ; i < aCurrentUrl.length ; i++) { if (aCurrentUrl[i] == null) { aCurrentUrl[i] = ""; } } sURLwoCreds = aCurrentUrl[1] + "://" + aCurrentUrl[4]; if (aCurrentUrl[5].length > 1) { sURLwoCreds += ":" + aCurrentUrl[5]; } sURLwoCreds += aCurrentUrl[6] + aCurrentUrl[7]; if (aCurrentUrl[8].length > 1) { sURLwoCreds += "?" + aCurrentUrl[8]; } if (aCurrentUrl[9].length > 1) { sURLwoCreds += "#" + aCurrentUrl[9]; } oXMLHttp = new ActiveXObject("Microsoft.XMLHTTP"); try { oXMLHttp.Open("GET", sURLwoCreds, false, aCurrentUrl[2], aCurrentUrl[3]); oXMLHttp.Send(); if ( oXMLHttp.status == 200 ) { //if all goes well, WinInet should now be authenticated on destination site so // setting the current window's URL to that site will not prompt for credentials LoadPage(sURLwoCreds); } else { alert("Error - an unexepected status code was returned: " + oXMLHttp.status); } } catch(ex) { document.body.innerHTML = ErrorGenerator(ex); } } /*_____________________________________________________ Name: GetCLSID() Purpose: retrieve a CLSID for a registered component Parameter: sProgID - string that is a ProgID for a given registered component on the local computer. _______________________________________________________ */ function GetCLSID(sProgID) { try { var oWshShell = new ActiveXObject("WScript.Shell"); return oWshShell.RegRead("HKCR\\" + sProgID + "\\CLSID\\"); } catch(ex) { return "
" + ex.name + "
" + ex.number + " : " + ex.description + "


unable to read registry using WshShell.RegRead"; } } /*______________________________________________________ Name: GetInProcServer32() Purpose: retrieve a DLL path for a registered component parameter: sCLSID - string that is a CLSID for a given registered component on the local computer. _______________________________________________________ */ function GetInProcServer32(sCLSID) { try { var oWshShell = new ActiveXObject("WScript.Shell"); return oWshShell.RegRead("HKCR\\CLSID\\" + sCLSID + "\\InProcServer32\\"); } catch(ex) { return "
" + ex.name + "
" + ex.number + " : " + ex.description + "


unable to read registry using WshShell.RegRead"; } } /*______________________________________________________ Name: GetVersion() Purpose: Retrieve file version from PE header Parameter: none NOTE: a description of the RegExp object used in this function is provided below: the following Regular Expression: (?:(%(.*?)%))(?:(\\(?:[^\?]*?\\)*)([^\?]*?)$) will seperate the string: %SystemRoot%\System32\Inetsrv\w3core.dll into the following array elements (all strings): array[0] = %SystemRoot%\System32\Inetsrv\w3core.dll array[1] = %SystemRoot% array[2] = SystemRoot array[3] = \System32\Inetsrv\ array[4] = w3core.dll _______________________________________________________ */ function GetVersion() { var sSysPath = ""; //generate the Path to the DLL being used to call XMLHTTP try { sXmlDllPath = GetInProcServer32(GetCLSID("Microsoft.XMLHTTP")); RegExp = /(?:(%(.*?)%))(?:(\\(?:[^\?]*?\\)*)([^\?]*?)$)/; if ( RegExp.test(sXmlDllPath) ) { arDllPath = RegExp.exec(sXmlDllPath); var oWSH; oWSH = new ActiveXObject("WScript.Shell"); sSysPath = oWSH.Environment("PROCESS").Item(arDllPath[2]) + arDllPath[3] + arDllPath[4]; } else { sSysPath = sXmlDllPath; } } catch(e) { //return e.number + " - " + e.description + "\n\nWScript.Shell is needed to get DLL versions"; document.body.innerHTML = ErrorGenerator(e); } // get the version of the file try { var oFSO; oFSO = new ActiveXObject("Scripting.FileSystemObject"); arrReturned = new Array(2); arrReturned[0] = arDllPath[4]; arrReturned[1] = oFSO.getFileVersion(sSysPath); return arrReturned; } catch(e) { //return e.number + " - " + e.description + "\n\nScripting.FileSystemObject is needed to get DLL versions"; document.body.innerHTML = ErrorGenerator(e); } } /*_____________________________________________________ Name: ParseURL() Purpose: Retrieve file version from PE header Parameter: sURL: string that has is a URL in the format specified in the details section below. Return: Array with URL parts This function uses JavaScript's regular expression object to parse the URL passed to it, and return the parts of the URL in array elements. -------------------------------------------------------------------- NOTE: URL canonicalization is a non-trivial task and this simplified sample does not account for URL escaping or encoding where the address http://www.microsoft.com/security/ is equivalent to the address http%3A%2F%2Fwww%2Emicrosoft%2Ecom%2Fsecurity%2F -------------------------------------------------------------------- The proper format of the URL that should be passed to this function is: protocol://username:password@host:port/path/file?querystring#mappath and the elements of the array returned from this function are: [0] = sURL [1] = protocol [2] = username [3] = password [4] = host [5] = port [6] = path [7] = file [8] = querystring [9] = mappath any URL parts that are not specifically declared in sURL will return a a null value for their array element (i.e. if the string "www.msn.com" was passed to this function, then only elements [0] and [4] would have values; all other elements in the array would return null). Regular Expression details: RegExp = /^ (?: ([a-zA-Z]+)\:\/\/ // protocol )? ( ?:([^\:^\@]*?) // username (?:\:(.*?))? // password \@ )? ( [a-zA-Z0-9\.\_\-]*? // host ) (?: \:([0-9]{1,100}) // port )? (?: (\/(?:[^\?]*?\/)*) // path ([^\?]*?)? // file (?:\?(.*?))? // querystring (?:#(.*))? // anchor )? $/; _______________________________________________________ */ function ParseURL(sURL) { RegExp = /^(?:([a-zA-Z]+)\:\/\/)?(?:([^\:^\@]*?)(?:\:(.*?))?\@)?([a-zA-Z0-9\.\_\-]*?)(?:\:([0-9]{1,100}))?(?:(\/(?:[^\?]*?\/)*)([^\?]*?)?(?:\?(.*?))?(?:#(.*))?)?$/; aUrlParts = RegExp.exec(sURL); return aUrlParts; } /*______________________________________________________ Name: ShowNeedUpdate() Purpose: inform the user they need to install an updated version of MSXML from 832414 Parameter: none NOTE: this sample was written at a time when 832414 had the only fix to msxml?.dll that would allow credentials to be passed via the XMLHTTP.Open method, if the computer has a wininet.dll that ships with MS04-004 (KB 832894) or later (dated January 2004 or later). Detection is based ont he following criteria: MSXML 2.5 SP3 | msxml.dll | 8.0.xxxx.x MSXML 2.6 SP2 | msxml2.dll | 8.30.xxxx.x MSXML 3.0 SP2 | msxml3.dll | 8.20.xxxx.x MSXML 3.0 SP3 | msxml3.dll | 8.30.xxxx.x MSXML 3.0 SP4 | msxml3.dll | 8.40.xxxx.x MSXML 4.0 SP2 | msxml4.dll | 4.20.xxxx.x _______________________________________________________ */ function ShowNeedUpdate() { try { arFileInfo = GetVersion(); if ( isArray(arFileInfo) ) { switch (arFileInfo[0].toLowerCase()) { case "msxml.dll": if ( GetXMLVersion(arFileInfo[1]) == 8.0 ) { GenerateXMLDLLink(arFileInfo[0], arFileInfo[1], "http://download.microsoft.com/download/c/e/8/ce81bc31-1ecf-46a3-b840-2839415e34ad/KB832414_MSXML2.5_x86.exe"); } else { GenerateXMLNotMatched(arFileInfo[0], arFileInfo[1]); } break; case "msxml2.dll": if ( GetXMLVersion(arFileInfo[1]) == 8.3 ) { GenerateXMLDLLink(arFileInfo[0], arFileInfo[1], "http://download.microsoft.com/download/1/0/e/10e23019-f7aa-4497-8e13-94ff06a08ce1/KB832414_MSXML2.6_x86.exe"); } else { GenerateXMLNotMatched(arFileInfo[0], arFileInfo[1]); } break; case "msxml3.dll": if ( GetXMLVersion(arFileInfo[1]) == 8.2 ) { GenerateXMLDLLink(arFileInfo[0], arFileInfo[1], "http://download.microsoft.com/download/d/1/3/d139c2ad-6c6f-4d34-8db6-c44fe968227f/KB832414_MSXML3.0_x86.exe"); } else if ( GetXMLVersion(arFileInfo[1]) == 8.3 ) { GenerateXMLDLLink(arFileInfo[0], arFileInfo[1], "http://download.microsoft.com/download/b/1/9/b191831f-9a19-4a42-8a71-b2b267b4c715/KB832414_MSXML3.0_x86.exe"); } else if ( GetXMLVersion(arFileInfo[1]) == 8.4 ) { GenerateXMLDLLink(arFileInfo[0], arFileInfo[1], "http://download.microsoft.com/download/7/f/b/7fb9bddd-c56b-4ed6-b49b-b5e8718dd778/KB832414_MSXML3.0_x86.exe"); } else { GenerateXMLNotMatched(arFileInfo[0], arFileInfo[1]); } break; case "msxml4.dll": if ( GetXMLVersion(arFileInfo[1]) == 4.2 ) { GenerateXMLDLLink(arFileInfo[0], arFileInfo[1], "http://download.microsoft.com/download/a/f/d/afdb1779-18d6-4fd8-bb86-bfbfca5acaee/KB832414_MSXML4.0_x86.exe"); } else { GenerateXMLNotMatched(arFileInfo[0], arFileInfo[1]); } break; default: GenerateXMLNotMatched(arFileInfo[0], arFileInfo[1]); break; } } } catch(ex) { document.body.innerHTML = ErrorGenerator(ex) ; } } /*_____________________________________________________ Name: GenerateXMLDLLink() Purpose: display location for XML download Param[in]: sDLLName - name of MSXML DLL found sDLLVersion - version of MSXML DLL sUpdateLink - URL to download update from _______________________________________________________ */ function GenerateXMLDLLink(sDLLName, sDLLVersion, sUpdateLink) { sMessage = "The following file is registered to load when Microsoft.XMLHTTP is instantiated on your computer:

"; sMessage += "
   
moduleversion
" + sDLLName + "" + sDLLVersion + "

"; sMessage += "To download the updated version of this module, click here and then select Open



"; sMessage += "For more information about this update, see the article below:

"; sMessage += "   832414 XMLHTTP call fails for URLs with embedded user credentials
"; sMessage += "   http://support.microsoft.com/?id=832414"; document.body.innerHTML = sMessage; } /*_____________________________________________________ Name: GenerateXMLNotMatched() Purpose: display location for XML download Param[in]: sDLLName - name of MSXML DLL found sDLLVersion - version of MSXML DLL _______________________________________________________ */ function GenerateXMLNotMatched(sDLLName, sDLLVersion) { sMessage = "The following file is registered to load when Microsoft.XMLHTTP is instantiated on your computer:

"; sMessage += "
   
moduleversion
" + sDLLName + "" + sDLLVersion + "

"; sMessage += "Unfortunately this does not match any of the supported versions of MSXML that were patched following the release of MS04-004. This message can also occur if you have a version newer than one of the following:
"; sMessage += "
   "; sMessage += " " sMessage += " " sMessage += " " sMessage += " " sMessage += " " sMessage += " " sMessage += "
moduleversionproduct
msxml.dll8.0.7002.0MSXML 2.5 SP3
msxml2.dll8.30.9528.0MSXML 2.6 SP2
msxml3.dll8.20.9823.0MSXML 3.0 SP2
msxml3.dll8.30.9929.0MSXML 3.0 SP3
msxml3.dll8.40.9509.0MSXML 3.0 SP4
msxml4.dll4.20.9821.0MSXML 4.0 SP2

"; sMessage += "For more information about the patches, see the article below:

"; sMessage += "   832414 XMLHTTP call fails for URLs with embedded user credentials
"; sMessage += "   http://support.microsoft.com/?id=832414"; document.body.innerHTML = sMessage; } /*_____________________________________________________ Name: GetXMLVersion() Purpose: determine if object passed in is an array Param[in]: sDLLVersion - full version string of DLL _______________________________________________________ */ function GetXMLVersion(sDLLVersion) { fltDLLVer = parseFloat(sDLLVersion.slice(0,3)); if ( isNaN( fltDLLVer ) ) { return 0; } else { return fltDLLVer; } } /*_____________________________________________________ Name: isArray() Purpose: determine if object passed in is an array Param[in]: obj - an object _______________________________________________________ */ function isArray(obj) { intArrayFound = -1; try { intArrayFound = obj.constructor.toString().indexOf("Array"); if ( intArrayFound != -1) return true; else return false; } catch (ex) {} } /*_____________________________________________________ Name: ErrorGenerator() Purpose: generate detailed output when errors occur Param[in]: ex - an error object _______________________________________________________ */ function ErrorGenerator(ex) { switch(ex.number) { case -2146827859: //occurs when unsafe ActiveX components try to execute; probably from Registry read with WScript sError = "
" + ex.name + "
" + ex.number + " : " + ex.description + "
"; sError += "

Automatic detection of your XML version requires that you click the Yes button on the diaolog with the message An ActiveX control on this page might be unsafe to interact with other parts of the page. Do you want to allow this interaction?

To automatically detect the version of XML you are running, click here, then click Yes in the popup dialog"; sError += "


If you cannot click the Yes button to automatically detect the installed version of MSXML, you can manually determine which version of the required patch for this system (the patch is specific to the version and service pack level of MSXML installed on the computer), follow the steps below:"; sError += "
    " ; sError += "
  1. open the Windows Explorer
    2. "; sError += "
  2. Navigate to the \Windows\System32
    3. "; sError += "
  3. right click on the file msxml?.dll
    4. "; sError += "
  4. select Properties
    5. "; sError += "
  5. click the Version tab
    6. " ; sError += "
  6. note the version number of the file (supported versions of MSXML are listed below):
    7. " sError += " "; sError += "
" ; break; case -2146828218: //occurs when trying to use a component on a page in an untrusted zone (in this case XMLHTTP) to connect to a URL different than the current site aUrlForThisPage = ParseURL(document.URL); sError = "
" + ex.name + "
" + ex.number + " : " + ex.description + "
"; sError += "

Due to a recent security update, this site now requires user's to explicitely trust the site to maintain continued functionality. To add this trust, follow the steps below:

"; sError += "
    " ; sError += "
  1. from the menu in this window, select Tools | Internet Options
    2. " ; sError += "
  2. select the Security tab
    3. " ; sError += "
  3. select the Trusted sites icon
    4. " ; sError += "
  4. click Sites button
    5. " ; sError += "
  5. in the box labeled Add this Web site to the zone, enter the text: " + aUrlForThisPage[4] + "
    6. " ; sError += "
  6. click the Add button
    7. " ; sError += "
  7. click the Close button
    8. " ; sError += "
  8. click the Custom Level button
    9. " ; sError += "
  9. locate the \'Miscellaneous | Access data sources across domains\' section
    10. " ; sError += "
  10. click the Enable button under the \'Access data sources across domains\' section
    11. " ; sError += "
  11. click the OK button to close the \'Security Settings\' dialog
    12. " ; sError += "
  12. click the OK button to close the \'Internet Options\' dialog
    13. " ; sError += "
  13. click here once all other steps are complete
    14. "; sError += "
" ; sError += "


Note: these steps rely on the default configuration of \'Access data sources across domains\' being enabled in the \'Trusted sites\' zone. For more information on this see the article:"; sError += "

   182569 - Description of Internet Explorer Security Zones Registry Entries"; sError += "
    http://support.microsoft.com/?id=832414"; break; case -2147221020: //'Invalid Syntax' error; occurs when Q832414 or later version of msxml?.dll has been called sError = "
" + ex.name + "
" + ex.number + " : " + ex.description + "
"; sError += "

Due to a recent security update, this site now requires user's to install the critical update Q832414.

"; sError += "Click here to automatically detect the version of the update you need to install to use this site.
" sError += "If you choose to manually install the update, you will need to determine the correct version for your system and download the update from the article below:

"; sError += "

   832414 - XMLHTTP call fails for URLs with embedded user credentials"; sError += "
    http://support.microsoft.com/?id=832414

"; sError += "To determine which version of the patch is required (the patch is specific to the version and service pack level of MSXML installed on the computer), follow the steps below:"; sError += "
    " ; sError += "
  1. open the Windows Explorer
    2. "; sError += "
  2. Navigate to the \Windows\System
    3. "; sError += "
  3. right click on the file msxml?.dll
    4. "; sError += "
  4. select Properties
    5. "; sError += "
  5. click the Version tab
    6. " ; sError += "
  6. note the version number of the file (supported versions of MSXML are listed below):
    7. " sError += " "; sError += "
" ; break; /* case null: sError = "
" + ex.name + "
" + ex.number + " : " + ex.description + "
"; sError += "

Due to a recent security update, this site now requires user's to install the critical update Q832414.

To manually install the update, download the update from the article below:

"; sError += "

   832414 - XMLHTTP call fails for URLs with embedded user credentials"; sError += "
    http://support.microsoft.com/?id=832414

"; break; */ default: sError = "
" + ex.name + "\n" + ex.number + " - " + ex.description + "
"; break; } return sError; }