开发者

Is the File Transfer code correct in my PHP?

问答 作者:

I have this page that is supposed to be a download for a song. The download works in firefox for me but in chrome and safari nothing happens..here is my code

    public function download() {
    if (isset($this->request->get['order_download_id'])) {
        $order_download_id = $this->request->get['order_download_id'];
    } else {
        $order_download_id = 0;
    }
    $download_info = $this->db->query("SELECT * FROM " . DB_PREFIX . "order_download od LEFT JOIN `" . DB_PREFIX . "order` o ON (od.order_id = o.order_id) WHERE o.customer_id = '" . (int)$this->customer->getId(). "' AND o.order_status_id > '0' AND o.order_status_id = '" . (int)$this->config->get('config_download_status') . "' AND od.order_download_id = '" . (int)$order_download_id . "'");

    if ($download_info->row) {
        $file = DIR_DOWNLOAD . $download_info->row['filename'];
        $mask = basename($download_info->row['mask']);
        $mime = 'application/octet-stream';
        $encoding = 'binary';

        if (!headers_sent()) {
            if (file_exists($file)) {
                header('Pragma: public');
                header('Expires: 0');
                header('Content-Description: File Transfer');
                header('Content-Type: ' . $mime);
                header('Content-Transfer-Encoding: ' . $encoding);
                header('Content-Disposition: attachment; filename="' . ($mask ? $mask : basename($file)) . '"');
                header('Content-Length: ' . filesize($file));
                $file = readfile($file, 'rb');
                print($file);
            } else {
                exit('Error: Could not find file ' . $file . '!');
            }
   开发者_开发百科     } else {
            exit('Error: Headers already sent out!');
        }
    }
}

I have tried all kinds of different things to get this to work but nothing is happening in the two browsers...any ideas or help will be appreciated...

readfile returns the number of bytes sent, and needs not to be printed out. You should remove the line print($file);. Otherwise, you'll send more bytes than the Content-Length header specifies, and that will lead some HTTP clients to discard your answer.

Also, consider strange file names such as

"\r\nLocation: http://evil.com\r\n\r\n<script>alert('XSS');</script>

Are you handling that correctly?

See your syntax near 

header('Content-Disposition: attachment; filename="'.$file_name_with_space. '"');

OR it can be 

header("Content-Disposition: attachment; filename='".$file_name_with_space."'" );

Here the game is in Quotes only it will be treated as part of the string if it is written properly else will crash.

It works in all browser. IE, FF, Chrome, SAFARI I checked it personally so goahead.

继续阅读:content-dispositiondownloadfilephp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9