Brent Michalski wrote: > This cannot be done. It would be a HUGE security hole if it was possible! > You may have the best intentions in the world with your application, but > there are many others out there who like to damage other people's > computers...
I don't think Shannon wanted to automatically and silently download files to user's filesystem and add them to autoexec script. It looks for me more like an idea to invoke a save dialog in user's browser instead of showing file content on the screen, when he clicks the link to a text file. Shannon Murdoch wrote: > > I'm writing a script that will require a text file on my http server to be > > downloaded (*not viewed in browser window*) by the script's activator. > > > > Let's say the text file is called 'bobby.txt' and is located in the same > > directory as the cgi script. ( The full URL that will end up being used > > will be http://www.domainname.com/cgi-bin/bobby.txt ) > > > > Does anyone know what HTTP/perl command to send to the client's browser > > which will auto-initiate the download? Try sending a different MIME type, like application/x-foobar instead of text/plain. When a browser don't know the content type and so can't render it, it should ask the user if he wants to save the file. However I don't know how MSIE would behave, as it's known to ignore the most important HTTP headers (like Content-Type) for some reasons. You can write a script named download and use URL: http://www.domainname.com/cgi-bin/download/bobby.txt Then your script should get a filename bobby.txt from $ENV{PATH_INFO} or path_info() using CGI.pm, print Content-Type header, empty line, and print content of the file bobby.txt, or whatever you find in PATH_INFO - but remember to remove any suspicious characters, like slashes etc. for security reasons, e.g.: $file = $ENV{PATH_INFO}; $file =~ s/[^\w.-]+//g; And use -T switch in the shebang line. > > I think it would be good to have an online searchable database of this > > newsgroup, so you don't have to download every message to see if your > > question has already been answered a few days or weeks ago! =) There is archive of this mailing list here: http:[EMAIL PROTECTED]/ - RaFaL Pocztarski, [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
