Re: [Jmol-users] JSmol php vulnerability

2015-03-23 Thread Robert Hanson
However, SourceForge has not updated the default download yet nor made the files available -- sorry, don't know why. On Mon, Mar 23, 2015 at 10:03 AM, Robert Hanson wrote: > The modified php file is part of Jmol 14.2 and 14.3 releases: > > > https://sourceforge.net/projects/jmol/files/Jmol/Versi

Re: [Jmol-users] JSmol php vulnerability

2015-03-23 Thread Robert Hanson
The modified php file is part of Jmol 14.2 and 14.3 releases: https://sourceforge.net/projects/jmol/files/Jmol/Version%2014.2/Version%2014.2.13/ https://sourceforge.net/projects/jmol/files/Jmol-beta/Jmol%2014.3/Jmol%2014.3.13/ On Mon, Mar 23, 2015 at 8:19 AM, Robert Hanson wrote: > All devel

[Jmol-users] JSmol php vulnerability

2015-03-23 Thread Robert Hanson
All developers are advised to replace on any server implementing JSmol jsmol/php/jsmol.php with http://chemapps.stolaf.edu/jmol/jsmol/php/jsmol_php (with proper filename change back to jsmol.php), as it has a server file-reading vulnerability. Bob -- Robert M. Hanson Larson-Anderson Professo

Re: [Jmol-users] jsmol php

2015-03-01 Thread Robert Hanson
PubChem and NCI Resolver are both on the list -- no bouncing. From JSmolCore.js: _DirectDatabaseCalls:{ // these sites are known to implement access-control-allow-origin * "cactus.nci.nih.gov": "%URL", "www.rcsb.org": "%URL",

Re: [Jmol-users] jsmol php

2015-03-01 Thread Otis Rothenberger
Bob, OK thanks, I think I understand what’s happening here. Related Question: I can load PubChem files directly from PubChem, but I still have to bounce NCI Resolver files off of a server. Is that correct? Otis -- Otis Rothenberger o...@chemagic.com http://chemagic.com > On Mar 1, 2015, at 11

Re: [Jmol-users] jsmol php

2015-03-01 Thread Robert Hanson
Otis, You should add your server to the Jmol.db._DirectDatabaseCalls array. See JSmolCore.js. You don't have to modify Jmol's minified library, just after that is loaded add this: Jmol.db._DirectDatabaseCalls["chemistry.illinoisstate.edu"] = "%URL"; Then JSmol will not try to use its server to

Re: [Jmol-users] jsmol php

2015-02-28 Thread Otis Rothenberger
Bob, The call from the client is a Jquery call to an .aspx script on my server that reads the remote file and returns it as text. Here’s the actual call to the client for 1smd: http://chemistry.illinoisstate.edu/osrothen/models.aspx?name2pdb=1smd

Re: [Jmol-users] jsmol php

2015-02-28 Thread Robert Hanson
The question would be -- what's the call from the *client* On Sat, Feb 28, 2015 at 12:23 PM, Otis Rothenberger wrote: > Bob, > > I’m loading pdb files from RCSB via AJAX and my server. This works with no > problem, but I just noticed that jsmol.php is somehow involved in this > process. Is that

[Jmol-users] jsmol php

2015-02-28 Thread Otis Rothenberger
Bob, I’m loading pdb files from RCSB via AJAX and my server. This works with no problem, but I just noticed that jsmol.php is somehow involved in this process. Is that correct? As a point of information, this is the call from my server: http://www.rcsb.org/pdb/download/downloadFile.do?fileForm

Re: [Jmol-users] JSmol PHP file

2014-07-17 Thread Robert Hanson
On Tue, Jul 15, 2014 at 4:30 AM, wrote: > As a follow up to the recent discussion about Firefox 30, and the use of > the PHP file, there are a few issues I’d like to get sorted in my head; my > current understanding / questions: > > > > - If JSmol is being hosted on a remote server (i.e

[Jmol-users] JSmol PHP file

2014-07-15 Thread chris.wood
As a follow up to the recent discussion about Firefox 30, and the use of the PHP file, there are a few issues I'd like to get sorted in my head; my current understanding / questions: - If JSmol is being hosted on a remote server (i.e. a website), and the developer has an option to all