Download file by form PHP

Question

I'm trying to dowloand json data by form PHP. File is downloading but dsnt get name which one i defined, also in file print only two characters from my json data.

File inside looks like:

[{

When json data looks:

[{"SIZE":[16,16]}]

He is code:

var dataAsText = JSON.stringify(data); 
var filename=$("#menu-save-text").val();
var _content = dataAsText;
jQuery('<form action="download.php" method="POST"><input type="hidden" name="filename" value="'+filename +'" /><input type="hidden" name="content" value="'+_content+'" /></form>').appendTo('body').submit().remove();

PHP:

<?
            $filename=$POST["filename"];
            header("Content-type: text/plain"); 
            header("Content-Disposition: attachment; filename=".$filename.""); 
            header("Pragma: public");
            header("Expires: 0");
            header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
            header("Cache-Control: private",false);

            echo $_POST["content"];        
    ?>

Downloaded files name is download.php

Answer 1

You're suffering from an HTML injection vulnerability. The " in the JSON is breaking your HTML:

eg the html you build looks like this:

[..snip..]<input type="hidden" name="content" value="[{"SIZE":[16,16]}]" />[..snip..]

Which will be parsed by the browser as:

input:
  value="[}"         // proper attribute
  size":[16,etc...  // unknown/illegal html attribute

In other words, you need to quote your JSON for usage in an html form attribute, eg change all the " to " . That or build the HTML using proper dom methods, and set the content input's value via $(...).val(json_goes_here) -type operations with jquery.