Office Viewer Component

We have another issue in which we need your assistant: we need to configure the upper menu bar in MS Word like delete, Save, Open … buttons from this bar (we need to hide such buttons from the end user) and we need to control it from our application.

Also we would like to display print dialog (windows) box when we call Print API, as currently when we call print, it prints immediately without displaying the print window or dialog. 

Your fast response is highly appreciated.

function disableBtn(){

document.OA1.LicenseName = “”;

document.OA1.LicenseKey = “”;

var oDoc = document.OA1.ActiveDocument;

var counter = oDoc.ActiveWindow.Application.CommandBars.Count;

var str = ”;

var subStr = ”;

for(var i = 1; i <= counter;i++){

var name = oDoc.ActiveWindow.Application.CommandBars(i).Name;

var count_control=oDoc.ActiveWindow.Application.CommandBars(i).Controls.Count;

for(var j=1;j<=count_control;j++){

var caption = oDoc.ActiveWindow.Application.CommandBars(i).Controls(j).Caption;

caption = caption.replace(‘&’,”).toLowerCase();

if(caption == ‘save’) {

oDoc.ActiveWindow.Application.CommandBars(i).Controls(j).Enabled=false;

alert(name);

}

}

}

}

1. Solves the crash if you apply the “SaveToServer”  methods in Internet explore.

Now you can call the follow scripts to finish the SaveToServer.

Sub SavetoServer()
    If OA1.IsOpened = True Then
     document.body.style.cursor = “wait”
     OA1.HttpInit
     Dim strFileName
     strFileName = OA1.DocumentName
     If strFileName = “” Then
        strFileName = “yourguid”
        strFileName = strFileName + OA1.GetOpenedFileExt()
     End If
      OA1.HttpAddPostOpenedFile strFileName
      OA1.HttpPost “http://www.ocxt.com/demo/upload_weboffice.php”
      document.body.style.cursor = “default”
      Dim sPath
      On Error Resume Next
      sPath = “Save successfully! You can download it at http://www.ocxt.com/demo/” + strFileName
    MsgBox sPath
 Else
  MsgBox “Please open a document firstly!”
 End If
End Sub

2. Adds some new methods.

Function:  HRESULT GetTempFilePath([out,retval] BSTR* strValue);
Description: Gets a temporary file path.

Function:  HRESULT ClearTempFiles();
Description: Clears these temporary files created by the component. The function won’t delete any other files out of OA temporary directory.

Function:  HRESULT GetOpenedFileExt([out,retval] BSTR* strValue);
Description: Gets the file extend of the current opened file.

Function:  HRESULT GetOpenedFileType([out,retval] OpenedFileType* nType);
Description: Gets the file type of the current opened file.

3. Changes the Insecure Method “void HttpDownloadFile(WebUrl, LocalFile, WebUsername, WebPassword)” to “BSTR HttpDownloadFileToTempDir(WebUrl, WebUsername, VARIANT WebPassword);

Now the component can only download the file to “Internet temporary file directory\OA\”. So anybody can’t use the method to download a file then conver a good system file.

When working with Office Documents you may want to display these documents directly in Visual Basic, but do not want to create an embedded OLE object using the OLE container control. Instead, you would like to link to an existing document and open it as an in-place ActiveX Document object.

ActiveX Documents are embeddable OLE objects that behave more like ActiveX controls than traditional OLE objects. Unlike a normal embedded object, an ActiveX Document is not designed to be a contained object in a larger document. Instead, it is considered a complete document in itself, which is merely being viewed by a viewer (such as Internet Explorer) or is being collected into a single resource with other documents (such as a Binder file).

While Microsoft Visual Basic does not currently support hosting ActiveX Documents directly, you can work around this limitation by using the capabilities of Internet Explorer and its WebBrowser control. The WebBrowser control (Shdocvw.dll) is a part of Internet Explorer and can only be used on systems that have Internet Explorer installed.

But the Webbrowser control has lot’s of flaws. It can’t open the office viewer with the read only property. It can’t open the file stream and save it back to the server. There isn’t any support for the office automation so that the developers can’t extend the own functions.

Fortunately, the Edraw Office Viewer Component offers the solution. It acts as an ActiveX document container for embeding Office documents (including Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Project, and Microsoft Visio documents) in a custom form or Web page. The control is lightweight and flexible, and gives developers new possibilities for using Office in a custom solution. More information

If you are building a .NET application and you are struggling to find a way to host Word documents, Excel spreadsheets, PowerPoint presentations, Visio drawings orProject files, you might consider using the Visual C++ ActiveX Control for hosting Office documents. I learned about this download resource and I was shocked to see how you can add it to your solution and start working with Office applications in less than a minute. You can open Office applications, format content, update documents, save changes, print, and more inside your application. The EDraw Office Viewer Component is an Active X control written in MFC. The download includes some sample codes to use it inside Visual Basic, HTML pages, C#, Asp.NEt. You can also enable and disable specific functionality by using a full set of properties, methods, and events exposed for customization.

You can also host the control inside managed applications following these simple steps:

1. Downlad the EDraw Office Viewer Component.
2. Open Visual Studio .NET. 
3. Open your WinForms or WebForms application.
4. Add the EDraw Office Viewer Component to the Toolbox: 
5. On the Tools menu, click Customize Toolbox (in Visual Studio .NET 2002), or click Add/Remove Toolbox Items (in Visual Studio .NET 2003 or 2005), and then click the COM Components tab. 
6. On the COM Components tab, select EDraw Office Viewer Component. 
7. Click OK to close the Customize Toolbox dialog box.
8. Select the EDraw Office Viewer Component icon that appears in the ToolBox and drag-and-drop the control over the Form or Web Form.
9. Adjust the control’s docking/size as needed.
10. Build and run the application.
11. Create a new document to test the control.
12. You can call more than one hundred methods to customize your application.

Edraw Office Viewer Component version 5.1 released yesterday. New version provides more than one hundred methods. Now you can do some office automation with our component directly. You can open and play the slideshow in a customize form. You can create a new excel workbook then fill in the sheet with the data from your database. You can limit the user to edit or print the Word document by setting the readonly mode.

Now the new version supports both the HTTP and HTTPS. It also supports the website with password. Of course you can upload or download the file via FTP too.

What’s new

1. Support HTTP/HTTPS and the website with the password.

2. You can set the Readonly mode for both Word and Excel.

3. You can play the slideshow in the same window without the web toolbars and the scrollbar.

4. Now it’s no problem to open the hyperlink in the office document.

5. Now it’s no problem to play the media, animation, vedio in the PowerPoint slide file.

6. Support Both Print and PrintPreview. You can enable or disable them too.

7. You can put multiple office programs in a form or open multiple EDraw Office Viewer Component instances in the internet explore.

8. Insert the image, text, html, rtf to your Word document with the office automation interfaces.

9. More setting for rulers, gridlines, toolbars, menubars, titlebar, caption and color scheme.

10. Suport the clipboard operator. You can insert the data into the Word or Excel from the clipbard.

New version has removed the ”DeleteLocalFile” method to avoid the attack. Now the component will delete the temporary files when it exits.

We improved the HTTP download file too and provide a securer download method in the version 5.

The follow article is the vulnerable description about the 4.0 version. 

Multiple vulnerabilities have been identified in EDraw Office Viewer Component v4.0, which could be exploited by remote attackers to delete arbitrary files or take complete control of an affected system.

The first issue is caused by a design error in the “DeleteLocalFile()” method within the “edrawofficeviewer.ocx” ActiveX control, which could be exploited by attackers to delete arbitrary files from a vulnerable system by tricking a user into visiting a specially crafted web page.

The second vulnerability is caused by a buffer overflow error in the “edrawofficeviewer.ocx” ActiveX control when processing malformed arguments passed to the “HttpDownloadFile()” method, which could be exploited by remote attackers to execute arbitrary code via a malicious web page.

In Office Viewer new version, you can use OpenFileFromStream to open a appointed file or open a file in database.

Either you want to open an appointed file or open a file from database, for client side, all what you need do is the
same, like following:

m_oEdrawOfficeViewer.HttpInit();
m_oEdrawOfficeViewer.HttpAddpostString(L”DocumentID”, L”Tester.doc”);
m_oEdrawOfficeViewer.HttpOpenFileFromStream(strDownloadPath,varOpt,varOpt,varOpt);

Before you call function HttpOpenFileFromStream, you should do two things, one is to initialize http for clearing all parameters and cookies in http, another thing is to appoint the file or database record. And then use HttpOpenFileFromStream to send the request to the destinated webpage.
Before HttpOpenFileFromStream send request, it will add a couple of parameters automatically.
m_OAHttp.AddPostArgument(L”EDA_GETSTREAMDATA”, L”EDA_YES”);
This couple of parameters tell the destinated webpage OfficeViewer will received file as stream.

At the web side, webpage will decide to read which file or database reacord accordding to the post parameters.
And you should add boundary flag ‘EDA_STREAMBOUNDARY’ to file data, following is the asp.net demo.

if (Request.Params["EDA_GETSTREAMDATA"] == “EDA_YES”)
{
  String fullFileName = Server.MapPath(Request.Params["DocumentID"]);
  Byte[] fs = File.ReadAllBytes(fullFileName);

  Response.Write(“Get Stream Successfully!”);
  Response.Write(“EDA_STREAMBOUNDARY”);
  Response.BinaryWrite(fs);
  Response.Write(“EDA_STREAMBOUNDARY”);
}

Sub ListCellControls()
k = Application.CommandBars(“Cell”).Controls.Count
For i = 1 To k
Cells(i, 1) = i ‘ID
Cells(i, 2) = Application.CommandBars(“Cell”).Controls(i).Caption
Next i
End Sub