Currently I'm using the following PHP code to download a file.
PHP code:
<?php
timeout();
//require_once("config.php");

// Redirect to the login page when none of the session values is set
if(!isset($_SESSION['front_username']) && isset($_SESSION['front_username']) == "" &&
   !isset($_SESSION['front_password']) && isset($_SESSION['front_password']) == "" &&
   !isset($_SESSION['user_id']) && isset($_SESSION['user_id']) == "") {
    header("Location:login.php");
    exit();
}

// The file name is taken straight from the query string
$file_get = $_GET['filename'];
$tmp = explode(".",$file_get);
// Drop the first 33 characters of the stored name to get the download name
$file_name1 = substr($file_get, 33);

// Pick the Content-Type from the file extension
switch ($tmp[count($tmp)-1]) {
    case "pdf": $ctype="application/pdf"; break;
    case "exe": $ctype="application/octet-stream"; break;
    case "zip": $ctype="application/zip"; break;
    case "docx":
    case "doc": $ctype="application/msword"; break;
    case "csv":
    case "xls":
    case "xlsx": $ctype="application/vnd.ms-excel"; break;
    case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
    case "gif": $ctype="image/gif"; break;
    case "png": $ctype="image/png"; break;
    case "jpeg":
    case "jpg": $ctype="image/jpeg"; break;
    case "tif":
    case "tiff": $ctype="image/tiff"; break;
    case "psd": $ctype="image/psd"; break;
    case "bmp": $ctype="image/bmp"; break;
    case "ico": $ctype="image/vnd.microsoft.icon"; break;
    default: $ctype="application/force-download";
}

header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers
header("Content-Type: $ctype");
header("Content-Disposition: attachment; filename=\"".$file_name1."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize("upload_doc/$file_get"));
ob_clean();
flush();
readfile("upload_doc/$file_get" );
?>
It's downloading correctly if the uploaded file name is alphanumeric. But if the uploaded file name has text such as "my doc #2.doc" or "dev & developer.doc", then it's downloading but not showing. In my downloads folder I see "my doc".
I don't understand what's wrong in my code. Can someone tell me?
& and # are URL special characters.
When trying to access your files, you should encode any special characters the right way using the urlencode PHP method: http://php.net/manual/en/function.urlencode.php
Maybe you should manage your MIME types at the Apache level for security purposes: Apache2 server mime types
Or, if you can't, filter your GET parameters to prevent users from requesting any path on your server: http://php.net/manual/en/function.filter-input.php
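The two points of the answer above, shown together as an added example that is not part of the original question or answer: the link is percent-encoded so # and & reach the server intact, and the handler only serves files that resolve inside upload_doc. It uses rawurlencode() in place of urlencode() (both encode # and &); the script name download.php, the UPLOAD_DIR constant and both function names are assumptions, and the question's session check is assumed to run before the handler.

```php
<?php
// Added example: UPLOAD_DIR, download.php and both function names are assumptions.
// The session/login check from the question is assumed to have run already.
const UPLOAD_DIR = __DIR__ . '/upload_doc';
// Link side: percent-encode the stored name so '#' and '&' are not read as URL syntax.
function build_download_link(string $storedName): string
{
    return 'download.php?filename=' . rawurlencode($storedName);
}

// Handler side: map the request value to a file inside UPLOAD_DIR, or null.
function resolve_upload(string $requested): ?string
{
    // Reject empty values, NUL bytes and anything carrying a directory component.
    if ($requested === '' || strpos($requested, "\0") !== false
        || basename($requested) !== $requested) {
        return null;
    }
    $base = realpath(UPLOAD_DIR);
    $path = realpath(UPLOAD_DIR . '/' . $requested);
    // realpath() resolves ".." and symlinks, so the prefix comparison is meaningful.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return null;
    }
    return $path;
}

if (PHP_SAPI !== 'cli') {
    $name = filter_input(INPUT_GET, 'filename', FILTER_UNSAFE_RAW);
    $path = is_string($name) ? resolve_upload($name) : null;
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    $safe = basename($path);
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . addcslashes($safe, '"\\')
        . '"; filename*=UTF-8\'\'' . rawurlencode($safe));
    header('Content-Length: ' . filesize($path));
    readfile($path);
} else {
    // Constructed sample names taken from the question, plus one traversal attempt.
    echo build_download_link('my doc #2.doc'), PHP_EOL;
    echo build_download_link('dev & developer.doc'), PHP_EOL;
    var_dump(resolve_upload('../config.php'));
}
```

PHP has already URL-decoded the value by the time filter_input() returns it, so the handler compares the decoded name against the directory contents and never decodes a second time.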