----- Original Message ----- 
From: "morten" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, September 06, 2007 11:43 AM
Subject: [php-list] Old problem


Hello to everyone, I'm new to this group, and I've been facing a
problem I couldn't solve. I don't know how to search for it in the
list's old messages, so I'll tell you what it is and see if you can
help me.
I have these lines:

<?php
if (isset($_GET['download']) && ($_GET['download'] >= 1)) {
    if ($_GET['download'] == 1)
        header('Content-type: application/doc');
    else if ($_GET['download'] == 2)
        header('Content-type: application/rtf');
    else if ($_GET['download'] == 3)
        header('Content-type: application/pdf');
    header('Content-Disposition: attachment; filename="' . $_GET['file']
. '"');
    readfile($_GET['file']);
}

require('../../../../../wp-blog-header.php');
get_header();
?>


It should show the user a dialog, so he can choose to
save the file or to open it directly.
The dialog shows and the user chooses, and here comes the problem: by
using the 'Content-type', 'Content-Disposition' and 'readfile', the
content of the page I'm in is "attached" to the end of the file I'm
downloading. When it's a DOC or RTF file, the content of the page
doesn't affect the functioning, but if it's a PDF, the string that gets
"attached" to the end of the file happens to make the file useless.
All I want to do is to use some routine to let the user choose to save
the file or to read it directly, nothing more, nothing less.
I have been trying to solve this problem for at least some weeks, and
I couldn't find some information that could really help me.
BTW, at php.net I found the following example:

<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');

// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');

// The PDF source is in original.pdf
readfile('original.pdf');
?>

I used (as can be seen) this example with some modifications, but not
too many, and it happens that it's useless for my needs. If someone
knows how to fix it or some other way to do what I want, please let me
know, I'll be very grateful.

Thanx in advance.
morten.
-------------------------
Hello again Morten,
Now I see the bigger picture.

If everything is working then you simply need to add a line "die();" after 
the line "readfile('original.pdf');" and before the closing "}"

There is a security issue here in that a third party has access to all files 
that are accessible to the script's "owner" or "group". Depending on your 
server OS and config, that may also include other users' files on shared 
servers.

For example - copy the following to an htm file on your desktop

<html><head></head><body>
<form action="insert file name of above script" method="get">
What file do you want
<input type="text" name="file" value="../../../../../wp-blog-header.php">
<br>
<input type="submit" value="download">
</form>
</body></html>

It would be better to have all the public files in one directory and specify 
the path in php.

Thanks Robert.

PS: It is a required convention in this list to type below the original 
postings. 
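
The two points from the reply above (stop the script after readfile, and serve only from one directory whose path is set in PHP), as an added example that is not part of the original thread. DOWNLOAD_DIR, resolve_download() and keying the content type on the file extension are assumptions made for illustration; it needs PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread. DOWNLOAD_DIR is an assumed
// location: the single directory that holds the public files.
const DOWNLOAD_DIR = '/var/www/downloads';

// Content types from the original script, keyed by file extension.
const CONTENT_TYPES = [
    'doc' => 'application/doc',
    'rtf' => 'application/rtf',
    'pdf' => 'application/pdf',
];

// Map a user-supplied name to a real file inside $baseDir, or return null.
function resolve_download(string $requested, string $baseDir): ?string
{
    // basename() drops any directory part, so a value such as
    // "../../wp-blog-header.php" is reduced to "wp-blog-header.php".
    $name = basename($requested);
    // realpath() resolves "." / ".." and symlinks, and fails if nothing exists.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The resolved file must still sit under the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Only the three document types are served; .php and the rest are refused.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return isset(CONTENT_TYPES[$ext]) ? $path : null;
}

if (isset($_GET['file']) && is_string($_GET['file'])) {
    $path = resolve_download($_GET['file'], DOWNLOAD_DIR);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    header('Content-Type: ' . CONTENT_TYPES[$ext]);
    header('Content-Disposition: attachment; filename="'
        . addcslashes(basename($path), '"\\') . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit; // nothing after the file bytes, so the page HTML is not appended
}
// The rest of the page (wp-blog-header.php, get_header()) follows here.
```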

