开发者

PHP - Filenames in HTTP-headers: Problem with whitespaces

Working with CakePHP and Java Web Start I'm generating the necessary .jnlp-file within a controller in which among other things I set the filename as a header-field. That works fine as long I'm not trying to use special chars in the filenames. However, I'd like to enable every character that is possible on the main operating systems as a filename. So what I try to do is removing all the invalid characters by replacing them through empty strings. But there seems to be 开发者_JS百科a problem with whitespaces which should be allowed in filenames.

That's the code:

$panel_id = 1
$panelname = 'w h i t e s p a c e s';
$filename = sprintf('"Project_%d_%s.jnlp"', $panel_id, $panelname);
$invalid_chars = array('<', '>', '?', '"', ':', '|', '\\', '/', '*', '&');
$filename = str_replace($invalid_filenamechars, '', $filename);
$this->header('Content-Disposition: attachment; filename=' . $filename);

When I do that, the resulting filename in the header is 'Project_1_w h i t e s p a c e', while Windows 7 wants to save the file as 'Project_1_w'. So it seems that my OS doesn't accept unescaped whitespaces in filenames? I would be happy with that explanation if it wasn't for the following: I left the lines 4 and 5, so that the code looks

$panel_id = 1
$panelname = 'w h i t e s p a c e s';
$filename = sprintf('"Project_%d_%s.jnlp"', $panel_id, $panelname);
$this->header('Content-Disposition: attachment; filename=' . $filename);

And now Windows is willing to save the file with all its whitespaces, still I cannot understand why. If I look at the filenames in the headers by using wireshark, both are the same. And if the sprintf-line is replaced by $filename = 'w h i t e s p a c e' or even $filename = $panelname it cuts the filename as in the first codesnippet. But I can replace the sprintf with the dottet-string-concat syntax and it works.

Can anyone tell me, what I'm overlooking?


The difference is the double quotes. With the first code you'll end up with:

Content-Disposition: attachment; filename=Project_1_w h i t e s p a c e s.jnlp

with the second code you'll end up with:

Content-Disposition: attachment; filename="Project_1_w h i t e s p a c e s.jnlp"

What you probably want is something like:

$panel_id = 1;
$panelname = 'w h i t e s p a c e s';
$filename = sprintf('"Project_%d_%s.jnlp"', $panel_id, $panelname);
$invalid_chars = array('<', '>', '?', '"', ':', '|', '\\', '/', '*', '&');
$filename = str_replace($invalid_filenamechars, '', $filename);
$this->header('Content-Disposition: attachment; filename="'.$filename.'"');

This strips any double quotes within $filename, but then makes sure that $filename is always surrounded by double quotes.


RFC2616, which is the HTTP/1.1 spec, says this:

The Content-Disposition response-header field has been proposed as a means for the origin server to suggest a default filename if the user requests that the content is saved to a file. This usage is derived from the definition of Content-Disposition in RFC 1806.

    content-disposition = "Content-Disposition" ":"
                          disposition-type *( ";" disposition-parm )
    disposition-type = "attachment" | disp-extension-token
    disposition-parm = filename-parm | disp-extension-parm
    filename-parm = "filename" "=" quoted-string
    disp-extension-token = token
    disp-extension-parm = token "=" ( token | quoted-string )

An example is Content-Disposition: attachment; filename="fname.ext"

Thus, sending this:

header('Content-Disposition: attachment; filename="' . $filename . '"');

conforms to the second form (quoted-string) and should do what you expect it to - take care to only send SPACE (ASCII dec 32 / hex 20) as whitespace, not some of the other fancy whitespace characters.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜