动态设置Content-Type
[英]Set Content-Type dynamically
问题描述
I have the following code, which i'm using to force download of files rather than opening in browser. 
我有以下代码,我用来强制下载文件而不是在浏览器中打开。
if(isset($_POST['file_name'])){
$player_file = $_POST['file_name'];
$accessKey = "REMOVED";
$secretKey = "REMOVED";
$bucket = $_POST['bucket'];
$fname = $_POST['fname'];
$zip_url = el_s3_getTemporaryZipLink($accessKey, $secretKey, $bucket, $fname);
$mp3_url = el_s3_getTemporaryMP3Link($accessKey, $secretKey, $bucket, $fname);
header('Content-type: audio/mpeg3');
header('Content-Disposition: attachment; filename="themixtapesite_'.$player_file.'"');
readfile($mp3_url);
exit();
}
As you can see, i pass all the variables from a form. 如您所见,我传递了表单中的所有变量。 Then use that information to generate a unique Signed URL for the file stored on Amazon S3. 然后使用该信息为存储在Amazon S3上的文件生成唯一的签名URL。
If the file is an MP3 i need it to use the $mp3_url and if it's a Zip file i need to use the $zip_url. 如果文件是MP3,我需要它使用$ mp3_url,如果它是Zip文件,我需要使用$ zip_url。
This has to be really simple, but i've been sat in front of this screen all day now i've got a complete mind blank! 这一定非常简单,但是我整天坐在这个屏幕前,现在我已经有了一个完整的空白!
Any help appreciated. 任何帮助赞赏。
1 个解决方案
解决方案1
2 2013-02-06 14:14:16
- This code is one gigantic security hole. 这段代码是一个巨大的安全漏洞。 You've just opened the doors to your server for anyone willing to use it. 您刚刚为愿意使用它的人打开了服务器的大门。
- Use an array of mime types to determine a mime type out of extension (you'll need additional security checks though, as relaying solely on extension isn't a smart thing to do). 使用mime类型数组来确定扩展名之外的mime类型(但是,您需要进行额外的安全检查,因为仅仅在扩展上进行转发并不是一件明智的事情)。
- Use switch statement to determine which function to use. 使用switch语句确定要使用的函数。 After switch you should have
$url- just one variable storing the extension, not two different variables.切换后你应该有$url- 只有一个存储扩展名的变量,而不是两个不同的变量。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.