
header("Content-Type: application/zip") and header("Content-Disposition: attachment; filename=$fileName") not working in WordPress?

The above two functions are not working in WordPress. I want to download a file, and I am running WordPress in XAMPP; I have also tried it on another online server with the WordPress framework, and it is still not working.

But this is working on another online server where I have not used the WordPress framework.

Is there a problem with WordPress when using the above two functions?

(The code below just takes a GET request, which is the path to the file to be downloaded from the server, and after validating the token the path is given from the database.)

<?php
ini_set('display_errors', -1 );
// Note: wp-blog-header.php does more than load WordPress; it also runs the template loader,
// so the theme template is rendered here, before any header() call further down.
require('wp-blog-header.php');
// wp-config.php has already been loaded by the line above; loading it a second time re-runs its
// define() calls, which PHP reports as "constant already defined" notices/warnings.
require('wp-config.php');
$token = ($_GET["token"]);
$platform = ($_GET["platform"]);
$resolution = ($_GET["resolution"]);
$assetName = ($_GET["assetName"]);
$currentTime = date("ymdHi", time());
// The four GET parameters are interpolated into the SQL strings below without escaping
// or $wpdb->prepare() (this is the injection discussed in the SQL injection answer below).
if($wpdb->query("SELECT * FROM wp_token_table WHERE token='$token'")){
    $result = $wpdb->get_results("SELECT (path) FROM wp_path_table WHERE os='$platform' AND res = '$resolution' AND bundle_name= '$assetName'");
    if($result){
        $path = $result[0]->path;
        $fileName = basename($assetName);
        $filePath = $path;
        if(!empty($fileName) && file_exists($filePath)){
            header("Cache-Control: public");
            header("Content-Description: File Transfer");
            header("Content-Type: application/zip");
            header("Content-Length:".filesize($filePath));
            header("Content-Disposition: attachment; filename=$fileName");
            header("Content-Transfer-Encoding: binary");
            readfile($filePath);
            exit;
        }
    }
}else echo "false";

?>

First of all, let's verify that my assumption is correct. In the WordPress index.php file, right at the top, add this (obviously after the <?php tag, though):

ini_set('display_errors', -1 );

Let me know what that says when you try to download the file.
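The reason header() stops "working" on a WordPress page is almost always that something was already written to the response before the download headers were sent. As an added example (not code from the question or the answers above), here is a small wrapper around the question's header()/readfile() sequence that refuses to start a download once output has begun and reports where that output came from, instead of silently producing a corrupted archive. The function name, the filename sanitisation and the extra X-Content-Type-Options header are my own choices, not anything from the original post; it is meant to run inside a web SAPI, not from the CLI.

```php
<?php
// Added example, not from the original question or answers.
// Drop-in replacement for the header()/readfile() block in the question.
declare(strict_types=1);

function send_file_download(string $filePath, string $fileName): void
{
    if (!is_file($filePath) || !is_readable($filePath)) {
        throw new RuntimeException("not a readable file: $filePath");
    }

    // header() can no longer change the response once the body has started.
    // headers_sent() tells us exactly which file and line produced the first
    // byte of output (a theme template rendered by wp-blog-header.php, a PHP
    // notice printed because display_errors is on, a BOM or whitespace before
    // <?php, ...), which is the information needed to fix the real problem.
    if (headers_sent($file, $line)) {
        throw new RuntimeException(
            "output already started at $file:$line; cannot send download headers"
        );
    }

    // Anything sitting in an output buffer but not yet flushed would be
    // prepended to the zip bytes and corrupt the archive, so discard it.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }

    // The question sends filename=$fileName unquoted; a name with spaces or
    // quotes breaks the header. Restrict to a safe character set and quote it.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($fileName));

    header('Content-Type: application/zip');
    header('Content-Length: ' . filesize($filePath));
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('X-Content-Type-Options: nosniff'); // added hardening: stop browsers from sniffing the type
    header('Cache-Control: public');

    readfile($filePath);
    exit;
}

// Usage in the question's script, after $filePath and $fileName are known:
// send_file_download($filePath, $fileName);
```

When the download is broken, the exception message from headers_sent() will name the file and line that emitted output first; if that turns out to be WordPress's template loader, the script is including too much of WordPress for a raw file endpoint, and if it is a notice or warning, the message printed by display_errors is what is corrupting the download.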

SQL injection would let me do this with your URL:

 $token="'; SELECT * FROM wp_token_table WHERE 1 LIMIT 1; --";

And then your query would be this:

"SELECT * FROM wp_token_table WHERE token=''; SELECT * FROM wp_token_table WHERE 1 LIMIT 1; --'"

The -- is the start of a comment, which discards the ending '; then I would essentially select the first entry from that table. Or worse.

It's very important to prevent that. 防止这种情况非常重要。

For the error, I would do this:

 <?php
  echo "hello";
  /* -- rest of code */

And make sure the page works first. Once you know that, you can rule out problems with the URL; then uncomment bits of the code until it breaks. That will show you where the error is. Unfortunately, error reporting won't generally work if it's on a page with a syntax error, because PHP can't even parse the page, so it can't run anything on it.
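To make the injection in the answer above concrete, here is an added example (my own code, not part of the question or the answer) that runs the question's query pattern against an in-memory SQLite database through PDO, so it can be executed offline without WordPress, and puts the prepared-statement fix next to it. The table name and the token value are constructed for the demo. The payload uses a tautology (' OR 1=1 -- ) rather than the stacked-statement form shown above, because whether a second statement after ; is executed depends on the database driver, while the tautology bypasses the token check on any SQL engine.

```php
<?php
// Added example, not from the original post: vulnerable query beside its hardened form.
declare(strict_types=1);

function make_db(): PDO
{
    // Constructed sample data standing in for the question's wp_token_table.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE wp_token_table (token TEXT NOT NULL)');
    $db->exec("INSERT INTO wp_token_table (token) VALUES ('s3cr3t-valid-token')");
    return $db;
}

// Mirrors the question: user input interpolated straight into the SQL string.
function token_valid_unsafe(PDO $db, string $token): bool
{
    $sql = "SELECT * FROM wp_token_table WHERE token='$token'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened: a placeholder plus a bound parameter, so the token is sent to the
// engine as data and is never parsed as part of the SQL text.
function token_valid_safe(PDO $db, string $token): bool
{
    $stmt = $db->prepare('SELECT 1 FROM wp_token_table WHERE token = ?');
    $stmt->execute([$token]);
    return $stmt->fetch() !== false;
}

$db = make_db();

// Constructed payload: the quote closes the literal, OR 1=1 makes the WHERE
// clause always true, and -- comments out the trailing quote from the template.
$attack = "' OR 1=1 -- ";

printf("unsafe, wrong token : %s\n", var_export(token_valid_unsafe($db, 'wrong'), true));
printf("unsafe, injected    : %s\n", var_export(token_valid_unsafe($db, $attack), true));
printf("safe,   injected    : %s\n", var_export(token_valid_safe($db, $attack), true));
printf("safe,   real token  : %s\n", var_export(token_valid_safe($db, 's3cr3t-valid-token'), true));
```

Run with php, the unsafe function accepts the injected string as a valid token (the resulting statement is SELECT * FROM wp_token_table WHERE token='' OR 1=1 -- ', which matches every row), while the prepared version rejects it and still accepts the real token. In the question's WordPress code the same fix is $wpdb->prepare(), for example $wpdb->get_var( $wpdb->prepare( "SELECT token FROM wp_token_table WHERE token = %s", $token ) ), and the second query needs the same treatment with three %s placeholders for $platform, $resolution and $assetName.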
