2010/8/2 Kornel Lesiński <[email protected]>: > Downloads can be "forced" already with Content-Disposition: attachment. It's > just harder to do, and unfortunately that doesn't stop webmasters from > trying. Popular PHP snippets for forcing download are among the most > disgusting cargo-cult code I've ever seen — they're collection of > self-contradictory and nonsensical HTTP headers, break caching and resuming, > and often have security vulnerabilities. > > It would be great if we could obsolete those scripts.
Indeed; I've used those code samples, and since the entire area is basically voodoo to me, I still have no idea which headers I sent did anything and which are useless or even harmful cruft. In general, even well-educated authors have no clue what they're doing here. ~TJ
