Download

Rod
Hi,

I have a script that downloads any file to the user according to the
parameters.
I call the script like this:
download.php?file=xxx/myfile.doc&file_short=myfile.doc

My script is working fine except with N4.7
It opens the download box, but the name is download.php instead of
myfile.doc
I found the same bug with N7 on the Net. The workaround is to call the
script with "/" :
download.php/?file=xxx/myfile.doc&file_short=myfile.doc

It solves the problem with N7, but with N4.7, the only difference is with
the name. Now it is :
download_php.htm

If I specify the content type related to the file, it works fine. But I
can't do that because the file type can be anything.
It can be a Word, Excel or PDF file, etc.
Do you have any idea or a script to automatically set the content-type
according to the file extension?

here is my script:
Header("Content-Type: application/octet-stream");
Header("Content-Length: ".filesize($_GET['file']));
Header("Content-Disposition: attachment; filename=".$_GET['file_short']);
readfile($_GET['file']);

Many thanks and sorry for this bad English

Rod

Jul 16 '05 #1
On Tue, 16 Sep 2003 11:37:40 +0200 in
<message-id:bk**********@home.itg.ti.com>
"Rod" <to**@toto.com> wrote:
> Hi,
>
> I have a script that downloads any file to the user according to the
> parameters.
> I call the script like this:
> download.php?file=xxx/myfile.doc&file_short=myfile.doc
>
> [ snip ]
>
> here is my script:
> Header("Content-Type: application/octet-stream");
> Header("Content-Length: ".filesize($_GET['file']));
> Header("Content-Disposition: attachment; filename=".$_GET['file_short']);
> readfile($_GET['file']);
>
> Many thanks and sorry for this bad English
>
> Rod

Don't know what the problem is, but have you not thought about
security!?!?
download.php?file=/etc/passwd&file_short=passwd

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #2
Rod
Hi,

Thank you for your answer.
Actually, I found the problem.
The real filenames contain spaces, so you need to use the URLENCODE function
before calling the download.php script.
Otherwise, the $GET function returns an empty string when trying to get the
parameters. (only with N4.7)

Regarding the security, you're right!
Actually, what I did is an application that browses a specific directory with
all its sub-directories.
When the user clicks on a file within a directory, it is downloaded.
I think I should check that there are no ".." characters in the filename to
be sure the file is in a sub-directory of the main directory.
Do you think it is enough?
Any idea?
Thanks again

Rod

Jul 16 '05 #3
On Tue, 16 Sep 2003 14:03:34 +0200 in
<message-id:bk**********@home.itg.ti.com>
"Rod" <to**@toto.com> wrote:
> Hi,
>
> Thank you for your answer.
> Actually, I found the problem.
> The real filenames contain spaces, so you need to use the URLENCODE
> function before calling the download.php script.
> Otherwise, the $GET function returns an empty string when trying to
> get the parameters. (only with N4.7)

Ahh interesting Rod, but it makes sense. I personally try and avoid
files with spaces like the plague, and use a _ (underscore) instead
(file_name.txt etc).. although this might not be an option for you
(depending on the nature of your site).

> Regarding the security, you're right!
> Actually, what I did is an application that browses a specific
> directory with all its sub-directories.
> When the user clicks on a file within a directory, it is downloaded.
> I think I should check that there are no ".." characters in the
> filename to be sure the file is in a sub-directory of the main
> directory. Do you think it is enough?
> Any idea?
> Thanks again

Are you the admin of the server Rod? If so, it might be worth thinking
about the safe_mode and open_basedir options in php.ini which will help
you define what dirs a script can access. You need to define an
"absolute base" somewhere safe.. even if it's a directory like:
'/foo/repository'. Let them browse 'til their heart's content, but don't
let them out of it. Again, this might not be a possibility, I really
don't know the nature of your script or what kind of filesystem access
you're giving people or what they need.

Checking for '.' and '..' are important.. something like:
if (substr($file, 0, 1) != '.' && substr($file, 0, 2) != '..') {
    /* display non . | .. directories and non dotfiles (.htaccess) */
}
Assumptions made here with $file for demo purposes, but this is how I
at least start with scripts that read directory contents.

I'm writing a filemanager for a Web control panel app I'm coding, this
will be defined as the users Webroot dir as the base
(/home/someone/html). They'll be able to browse any files / dirs within
there (including dotfiles as they'll own them) but they won't be able to
access '/home/someone' for example. This prevents them "leaking" around
the rest of the file system too.

</2p_worth>

Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #4
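
The "absolute base" idea from the reply above and the question of whether a ".." check is enough can be shown together. This is an added example, not code from any post in the thread: the function names, the base directory and the temporary demo tree are assumptions, and in the real script the requested value would come from $_GET['file'], with send_download() called only when the result is not null.

```php
<?php
// Added example. $base, resolve_download() and send_download() are
// hypothetical names, not taken from the thread.
function resolve_download(string $base, string $requested): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;
    }
    // Always join onto the base: an absolute request such as "/etc/passwd"
    // then names a path under the base instead of one under the root.
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . $requested);
    // realpath() collapses "..", "." and symlinks; false means no such path.
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The canonical path must still sit below the canonical base.
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

function send_download(string $path): void
{
    // Take the name from the resolved path, not from a second parameter,
    // and keep only characters that are safe inside the quoted header value.
    $name = preg_replace('/[^A-Za-z0-9._ -]/', '_', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . $name . '"');
    readfile($path);
}

// Constructed demo tree: <tmp>/repo/docs/my file.doc and <tmp>/secret.txt
$root = sys_get_temp_dir() . '/dl_demo_' . getmypid();
mkdir("$root/repo/docs", 0700, true);
file_put_contents("$root/repo/docs/my file.doc", 'ok');
file_put_contents("$root/secret.txt", 'no');

$requests = ['docs/my file.doc', '../secret.txt', 'docs/../../secret.txt', '/etc/passwd'];
foreach ($requests as $req) {
    $hit = resolve_download("$root/repo", $req);
    echo str_pad($req, 24), $hit === null ? 'rejected' : 'allowed', "\n";
}

array_map('unlink', ["$root/repo/docs/my file.doc", "$root/secret.txt"]);
array_map('rmdir', ["$root/repo/docs", "$root/repo", $root]);
```

Comparing canonical paths also covers a symlink inside the base that points outside it, which a string search for ".." does not.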
