stackoom
  简体   繁体   中英

Php file downloading issues?

 原文  2014-12-07 10:22:05       php

Question

Currently I'm using following php code to download file.

Php Code: 

<?php
timeout();
//require_once("config.php");
if(!isset($_SESSION['front_username']) && isset($_SESSION['front_username']) == "" &&
    !isset($_SESSION['front_password']) && isset($_SESSION['front_password']) == "" &&
    !isset($_SESSION['user_id']) && isset($_SESSION['user_id']) == "") {
    header("Location:login.php");   
    exit();
}
$file_get = $_GET['filename'];  
$tmp = explode(".",$file_get);  
$file_name1 = substr($file_get, 33);    
switch ($tmp[count($tmp)-1]) {
    case "pdf": $ctype="application/pdf"; break;
    case "exe": $ctype="application/octet-stream"; break;
    case "zip": $ctype="application/zip"; break;
    case "docx":
    case "doc": $ctype="application/msword"; break;
    case "csv":
    case "xls":
    case "xlsx": $ctype="application/vnd.ms-excel"; break;
    case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
    case "gif": $ctype="image/gif"; break;
    case "png": $ctype="image/png"; break;
    case "jpeg":
    case "jpg": $ctype="image/jpg"; break;
    case "tif":
    case "tiff": $ctype="image/tiff"; break;
    case "psd": $ctype="image/psd"; break;
    case "bmp": $ctype="image/bmp"; break;
    case "ico": $ctype="image/vnd.microsoft.icon"; break;
    default: $ctype="application/force-download";
}   
header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers
header("Content-Type: $ctype");
header("Content-Disposition: attachment; filename=\"".$file_name1."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize("upload_doc/$file_get"));
ob_clean();
flush();
readfile("upload_doc/$file_get" );
?>

It's downloading correctly if the uploaded file name is alphanumeric . But If the uploaded file name has this text eg my doc #2.doc or dev & developer.doc then it's downloading but not showing. In my downloaded folder I see my doc .

I don't understand what's the wrong in my code, Can someone tell me ?

1 answers

solution1
 0  2014-12-07 11:16:49

& and # are URL special characters.

When trying to access your files, you should encode any special characters the right way using urlencode PHP method : http://php.net/manual/en/function.urlencode.php

Maybe you should manage you mime type at Apache level for security purposes : Apache2 server mime types

Or if you can't, filter your get parameters to avoid users to request any path on your server : http://php.net/manual/en/function.filter-input.php

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP / SQL issues when downloading a file/doc downloading file in PHP Apache downloading php file Downloading CSV file with PHP Issue downloading file with PHP header () in php not downloading the file CSV file not downloading PHP Zip file not downloading in PHP Prevent Downloading PHP File Downloading an Excel File with php
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM