Download

Rod
Hi,

I have a script that downloads any file to the user according to the
parameters.
I call the script like this:
download.php?file=xxx/myfile.doc&file_short=myfile.doc

My script is working fine except with N4.7
It opens the download box, but the name is download.php instead of
myfile.doc
I found the same bug with N7 on the Net. The workaround is to call the
script with "/" :
download.php/?file=xxx/myfile.doc&file_short=myfile.doc

It solves the problem with N7, but with N4.7, the only difference is with
the name. Now it is:
download_php.htm

If I specify the content type related to the file, it works fine. But I
can't do that because the file type can be anything.
It can be a word, excel or pdf file etc etc
Do you have any idea or a script to automatically set the content-type
according to the file extension ?

here is my script:
Header("Content-Type: application/octet-stream");
Header("Content-Length: ".filesize($_GET['file']));
Header("Content-Disposition: attachment; filename=".$_GET['file_short']);
readfile($_GET['file']);

Many thanks and sorry for this bad English

Rod

Jul 16 '05 #1
On Tue, 16 Sep 2003 11:37:40 +0200 in
<message-id:bk**********@home.itg.ti.com>
"Rod" <to**@toto.com> wrote:
> Hi,
>
> I have a script that downloads any file to the user according to the
> parameters.
> I call the script like this:
> download.php?file=xxx/myfile.doc&file_short=myfile.doc

[ snip ]

> here is my script:
> Header("Content-Type: application/octet-stream");
> Header("Content-Length: ".filesize($_GET['file']));
> Header("Content-Disposition: attachment; filename=".$_GET['file_short']);
> readfile($_GET['file']);
>
> Many thanks and sorry for this bad English
>
> Rod

Don't know what the problem is, but have you not thought about
security!?!?
download.php?file=/etc/passwd&file_short=passwd

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #2
Rod
Hi,

thank you for your answer.
Actually, I found the problem.
The real filenames contain spaces so you need to use the URLENCODE function
before calling the download.php script.
Otherwise, the $GET function returns an empty string when trying to get the
parameters. (only with N4.7)

Regarding the security, you're right!
Actually, what I did is an application that browses a specific directory with
all its sub-directories.
When the user clicks on a file within a directory, it is downloaded.
I think I should check that there are no ".." characters in the filename to
be sure the file is in a sub-directory of the main directory.
Do you think it is enough?
any idea?
thanks again

Rod

"Ian.H [dS]" <ia*@WINDOZEdigiserv.net> wrote in message
news:20030916124658.5a8f51c8.ia*@WINDOZEdigiserv.net...
> On Tue, 16 Sep 2003 11:37:40 +0200 in
> <message-id:bk**********@home.itg.ti.com>
> "Rod" <to**@toto.com> wrote:
> > Hi,
> >
> > I have a script that downloads any file to the user according to the
> > parameters.
> > I call the script like this:
> > download.php?file=xxx/myfile.doc&file_short=myfile.doc
>
> [ snip ]
>
> > here is my script:
> > Header("Content-Type: application/octet-stream");
> > Header("Content-Length: ".filesize($_GET['file']));
> > Header("Content-Disposition: attachment; filename=".$_GET['file_short']);
> > readfile($_GET['file']);
> >
> > Many thanks and sorry for this bad English
> >
> > Rod
>
> Don't know what the problem is, but have you not thought about
> security!?!?
> download.php?file=/etc/passwd&file_short=passwd
>
> Regards,
>
> Ian
>
> --
> Ian.H [Design & Development]
> digiServ Network - Web solutions
> www.digiserv.net | irc.digiserv.net | forum.digiserv.net
> Programming, Web design, development & hosting.

Jul 16 '05 #3
On Tue, 16 Sep 2003 14:03:34 +0200 in
<message-id:bk**********@home.itg.ti.com>
"Rod" <to**@toto.com> wrote:
> Hi,
>
> thank you for your answer.
> Actually, I found the problem.
> The real filenames contain spaces so you need to use the URLENCODE
> function before calling the download.php script.
> Otherwise, the $GET function returns an empty string when trying to
> get the parameters. (only with N4.7)

Ahh interesting Rod, but it makes sense. I personally try and avoid
files with spaces like the plague, and use a _ (underscore) instead
(file_name.txt etc).. although this might not be an option for you
(depending on the nature of your site).


> Regarding the security, you're right!
> Actually, what I did is an application that browses a specific
> directory with all its sub-directories.
> When the user clicks on a file within a directory, it is downloaded.
> I think I should check that there are no ".." characters in the
> filename to be sure the file is in a sub-directory of the main
> directory. Do you think it is enough?
> any idea?
> thanks again

Are you the admin of the server Rod? If so, it might be worth thinking
about the safemode and open_basedir options in php.ini which will help
you define what dirs a script can access. You need to define an
"absolute base" somewhere safe.. even if it's a directory like:
'/foo/repository'. Let them browse 'til their heart's content, but don't
let them out of it. Again, this might not be a possibility, I really
don't know the nature of your script or what kind of filesystem access
you're giving people or what they need.

Checking for '.' and '..' is important.. something like:
if (substr($file, 0, 1) != '.' && substr($file, 0, 2) != '..') {
    /* display non . | .. directories and non dotfiles (.htaccess) */
}
Assumptions made here with $file for demo purposes, but this is how I
at least start with scripts that read directory contents.

I'm writing a filemanager for a Web control panel app I'm coding, this
will be defined as the user's Webroot dir as the base
(/home/someone/html). They'll be able to browse any files / dirs within
there (including dotfiles as they'll own them) but they won't be able to
access '/home/someone' for example. This prevents them "leaking" around
the rest of the file system too.

</2p_worth>

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #4
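
One way to implement the "absolute base" containment discussed in this thread, together with the extension-to-Content-Type lookup asked about in the first post, as an added example that is not code from any poster. BASE_DIR, the MIME_TYPES table and the resolve_download() helper are hypothetical names; the base path reuses the '/foo/repository' example from the reply above.

```php
<?php
// Added example. BASE_DIR and MIME_TYPES are assumed values, not from the thread.
const BASE_DIR = '/foo/repository';          // the "absolute base"
const MIME_TYPES = [                         // extension => Content-Type
    'doc' => 'application/msword',
    'xls' => 'application/vnd.ms-excel',
    'pdf' => 'application/pdf',
];

// Map a user-supplied relative path to a real file under $base, or null.
// realpath() collapses "..", "." and symlinks, so the containment test runs
// on the path that would actually be opened, not on the raw string.
function resolve_download(string $base, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $baseReal = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($baseReal === false || $target === false || !is_file($target)) {
        return null;                         // no such file, or a directory
    }
    // Trailing separator: /foo/repository-old must not match /foo/repository.
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;                         // resolved outside the base
    }
    // Refuse dotfiles (.htaccess etc.) at any level below the base.
    foreach (explode(DIRECTORY_SEPARATOR, substr($target, strlen($prefix))) as $part) {
        if ($part !== '' && $part[0] === '.') {
            return null;
        }
    }
    return $target;
}

$file = $_GET['file'] ?? '';
$path = is_string($file) ? resolve_download(BASE_DIR, $file) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}
// Download name comes from the resolved path, limited to header-safe characters.
$name = preg_replace('/[^A-Za-z0-9._ -]/', '_', basename($path));
$ext  = strtolower(pathinfo($path, PATHINFO_EXTENSION));
header('Content-Type: ' . (MIME_TYPES[$ext] ?? 'application/octet-stream'));
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . $name . '"');
readfile($path);
```

Because the check runs on the resolved path, encoded or nested ".." sequences and symlinks pointing outside the base are rejected the same way as a plain "../", which a substring search for ".." alone does not guarantee.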
