Office Viewer Component

We have written a demo page with javascript. Anybody can visit it at

http://www.ocxt.com/oademo_javascript.php

You can find all the sample projects in the install directory.

1. Solves the crash if you apply the “SaveToServer”  methods in Internet explore.

Now you can call the follow scripts to finish the SaveToServer.

Sub SavetoServer()
    If OA1.IsOpened = True Then
     document.body.style.cursor = “wait”
     OA1.HttpInit
     Dim strFileName
     strFileName = OA1.DocumentName
     If strFileName = “” Then
        strFileName = “yourguid”
        strFileName = strFileName + OA1.GetOpenedFileExt()
     End If
      OA1.HttpAddPostOpenedFile strFileName
      OA1.HttpPost “http://www.ocxt.com/demo/upload_weboffice.php”
      document.body.style.cursor = “default”
      Dim sPath
      On Error Resume Next
      sPath = “Save successfully! You can download it at http://www.ocxt.com/demo/” + strFileName
    MsgBox sPath
 Else
  MsgBox “Please open a document firstly!”
 End If
End Sub

2. Adds some new methods.

Function:  HRESULT GetTempFilePath([out,retval] BSTR* strValue);
Description: Gets a temporary file path.

Function:  HRESULT ClearTempFiles();
Description: Clears these temporary files created by the component. The function won’t delete any other files out of OA temporary directory.

Function:  HRESULT GetOpenedFileExt([out,retval] BSTR* strValue);
Description: Gets the file extend of the current opened file.

Function:  HRESULT GetOpenedFileType([out,retval] OpenedFileType* nType);
Description: Gets the file type of the current opened file.

3. Changes the Insecure Method “void HttpDownloadFile(WebUrl, LocalFile, WebUsername, WebPassword)” to “BSTR HttpDownloadFileToTempDir(WebUrl, WebUsername, VARIANT WebPassword);

Now the component can only download the file to “Internet temporary file directory\OA\”. So anybody can’t use the method to download a file then conver a good system file.

If you are building a .NET application and you are struggling to find a way to host Word documents, Excel spreadsheets, PowerPoint presentations, Visio drawings orProject files, you might consider using the Visual C++ ActiveX Control for hosting Office documents. I learned about this download resource and I was shocked to see how you can add it to your solution and start working with Office applications in less than a minute. You can open Office applications, format content, update documents, save changes, print, and more inside your application. The EDraw Office Viewer Component is an Active X control written in MFC. The download includes some sample codes to use it inside Visual Basic, HTML pages, C#, Asp.NEt. You can also enable and disable specific functionality by using a full set of properties, methods, and events exposed for customization.

You can also host the control inside managed applications following these simple steps:

1. Downlad the EDraw Office Viewer Component.
2. Open Visual Studio .NET. 
3. Open your WinForms or WebForms application.
4. Add the EDraw Office Viewer Component to the Toolbox: 
5. On the Tools menu, click Customize Toolbox (in Visual Studio .NET 2002), or click Add/Remove Toolbox Items (in Visual Studio .NET 2003 or 2005), and then click the COM Components tab. 
6. On the COM Components tab, select EDraw Office Viewer Component. 
7. Click OK to close the Customize Toolbox dialog box.
8. Select the EDraw Office Viewer Component icon that appears in the ToolBox and drag-and-drop the control over the Form or Web Form.
9. Adjust the control’s docking/size as needed.
10. Build and run the application.
11. Create a new document to test the control.
12. You can call more than one hundred methods to customize your application.

EDraw Office Viewer Component version 5.1 released yesterday. New version provides more than one hundred methods. Now you can do some office automation with our component directly. You can open and play the slideshow in a customize form. You can create a new excel workbook then fill in the sheet with the data from your database. You can limit the user to edit or print the Word document by setting the readonly mode.

Now the new version supports both the HTTP and HTTPS. It also supports the website with password. Of course you can upload or download the file via FTP too.

What’s new

1. Support HTTP/HTTPS and the website with the password.

2. You can set the Readonly mode for both Word and Excel.

3. You can play the slideshow in the same window without the web toolbars and the scrollbar.

4. Now it’s no problem to open the hyperlink in the office document.

5. Now it’s no problem to play the media, animation, vedio in the PowerPoint slide file.

6. Support Both Print and PrintPreview. You can enable or disable them too.

7. You can put multiple office programs in a form or open multiple EDraw Office Viewer Component instances in the internet explore.

8. Insert the image, text, html, rtf to your Word document with the office automation interfaces.

9. More setting for rulers, gridlines, toolbars, menubars, titlebar, caption and color scheme.

10. Suport the clipboard operator. You can insert the data into the Word or Excel from the clipbard.

New version has removed the ”DeleteLocalFile” method to avoid the attack. Now the component will delete the temporary files when it exits.

We improved the HTTP download file too and provide a securer download method in the version 5.

The follow article is the vulnerable description about the 4.0 version. 

Multiple vulnerabilities have been identified in EDraw Office Viewer Component v4.0, which could be exploited by remote attackers to delete arbitrary files or take complete control of an affected system.

The first issue is caused by a design error in the “DeleteLocalFile()” method within the “edrawofficeviewer.ocx” ActiveX control, which could be exploited by attackers to delete arbitrary files from a vulnerable system by tricking a user into visiting a specially crafted web page.

The second vulnerability is caused by a buffer overflow error in the “edrawofficeviewer.ocx” ActiveX control when processing malformed arguments passed to the “HttpDownloadFile()” method, which could be exploited by remote attackers to execute arbitrary code via a malicious web page.

In Office Viewer new version, you can use OpenFileFromStream to open a appointed file or open a file in database.

Either you want to open an appointed file or open a file from database, for client side, all what you need do is the
same, like following:

m_oEdrawOfficeViewer.HttpInit();
m_oEdrawOfficeViewer.HttpAddpostString(L”DocumentID”, L”Tester.doc”);
m_oEdrawOfficeViewer.HttpOpenFileFromStream(strDownloadPath,varOpt,varOpt,varOpt);

Before you call function HttpOpenFileFromStream, you should do two things, one is to initialize http for clearing all parameters and cookies in http, another thing is to appoint the file or database record. And then use HttpOpenFileFromStream to send the request to the destinated webpage.
Before HttpOpenFileFromStream send request, it will add a couple of parameters automatically.
m_OAHttp.AddPostArgument(L”EDA_GETSTREAMDATA”, L”EDA_YES”);
This couple of parameters tell the destinated webpage OfficeViewer will received file as stream.

At the web side, webpage will decide to read which file or database reacord accordding to the post parameters.
And you should add boundary flag ‘EDA_STREAMBOUNDARY’ to file data, following is the asp.net demo.

if (Request.Params["EDA_GETSTREAMDATA"] == “EDA_YES”)
{
  String fullFileName = Server.MapPath(Request.Params["DocumentID"]);
  Byte[] fs = File.ReadAllBytes(fullFileName);

  Response.Write(”Get Stream Successfully!”);
  Response.Write(”EDA_STREAMBOUNDARY”);
  Response.BinaryWrite(fs);
  Response.Write(”EDA_STREAMBOUNDARY”);
}

Sub ListCellControls()
k = Application.CommandBars(”Cell”).Controls.Count
For i = 1 To k
Cells(i, 1) = i ‘ID
Cells(i, 2) = Application.CommandBars(”Cell”).Controls(i).Caption
Next i
End Sub

You can host multiple office component in a form or you can open multiple office instance in your internet explore with EDraw Office Viewer Component version 5.

Note: you need set the Frame hook policy as SetOnFirstOpen and Component activation policy as KeepUIActiveOnAppDeactive.

Frame hook policy
To correctly handle activation when the host gains or loses foreground status, the ActiveX control uses a frame hook. By default, the hook is set when the control is created. In some situations, especially when the control is used from a multi-threaded UI host or when the control is nested in a container control like a Tab page in a .NET WinForm application, the parent of the control at create time may not be the correct window for the control to hook when it is running. In these situations, you can use the FrameHookPolicy property to reset the hook at a more suitable time. For example, if you build a .NET WinForm solution, set the FrameHookPolicy property to SetOnFirstOpen in the Properties window.
 

Component activation policy
The sample control can support more than one instance of itself in a given host application. However, only one control can be active at a given time. This is a requirement of ActiveX Document hosting. To handle multiple instances in a single host, the control registers itself with a component manager. This lets the component manager keep track of the active control. Use the ActivationPolicy property to control how the embedded object is handled during component changes. The ActivationPolicy property can be set to one or more of the bit flags that are defined by the ActivationPolicy enumeration.

Every time a user selects an item from the File menu or an item on a toolbar that is associated with a file command, the OnFileCommand event is raised. The event allows you to override the default behavior for the control and supply your own custom actions and dialog boxes to do normal file operations.

You can also enable or disable items on the File menu by using the EnableFileCommand property. For example, the following code disables the Open command, and then traps print calls to prevent a user from opening:
Private Sub Form_Load()
OfficeViewer.EnableFileCommand(dsoFileOpen) = False
End SubPrivate Sub Framer1_OnFileCommand(ByVal Item As _
OfficeViewer.FileCommandType, Cancel As Boolean)
If Item = FileOpen Then
MsgBox "You asked to open, but I won't allow it."
Cancel = True
End If
End Sub

Q: We have a method “OA1.WordGotoItem wdGoToPage, wdGoToNext”. In a web page this method doesn’t work. Is there any way to use this method in a web page?

A: Referent the follow enums then write the number in the function.

OA1.WordGoToItem 1, 2