force-downloaded report file flooded with HTML by mistake
- From: "comp.lang.php" <phillip.s.powell@xxxxxxxxx>
- Date: 20 Apr 2006 08:37:32 -0700
[PHP]
class ReportGenerator {
function ReportGenerator() {}
/**
* Generate the HTTP headers necessary for this file type. Can be
called statically
*
* @access public
* @param mixed $filename
* @see file_get_contents
* @see actual_path
*/
function &generateHTTPHeaders($filename) { // STATIC VOID METHOD
if (!preg_match('/.+\.[a-zA-Z0-9\-_]+$/i', $filename)) die("Filename:
\"$filename\" must have an extension");
$ext = substr($filename, strrpos($filename, '.') + 1,
strlen($filename));
switch (strtolower(trim($ext))) {
case 'pdf':
$ctype = 'application/pdf';
break;
case 'exe':
$ctype = 'application/octet-stream';
break;
case 'zip':
$ctype = 'appliation/zip';
break;
case 'doc':
$ctype = 'application/msword';
break;
case 'xls':
$ctype = 'application/vnd.ms-excel';
break;
case 'csv':
$ctype = 'application/vnd.ms-excel';
break;
case 'ppt':
$ctype = 'application/vnd.ms-powerpoint';
break;
case 'gif':
$ctype = 'image/gif';
break;
case 'png':
$ctype = 'image/png';
break;
case 'jpg':
$ctype = 'image/jpg';
break;
case 'jpeg':
$ctype = 'image/jpg';
break;
default:
$ctype = 'application/force-download';
break;
}
header('Pragma: public');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header("Content-Type: $ctype");
$user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
if ((is_integer(strpos($user_agent, 'msie'))) &&
(is_integer(strpos($user_agent, 'win')))) {
header('Content-Disposition: filename=' .
basename(actual_path($filename)) . ';');
} else {
header('Content-Disposition: inline; filename=' .
basename(actual_path($filename)) . ';');
}
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . @filesize(actual_path($filename)));
if (function_exists('file_get_contents')) {
echo @file_get_contents(actual_path($filename));
} else {
@readfile(actual_path($filename));
}
}
}
[/PHP]
The class method generateHTTPHeaders() can be called statically to
force-download a file (Excel, CSV, PDF, etc.) per customer requirement.
However, upon attempting to do so:
[PHP]
// REAL IMPORTANT!!! CHMOD OR THE WORLD CAN SEE YOUR REPORTS!!!!!!!
if ($this->isSuccessful) @chmod(0770,
actual_path($newReportFileName)); // CHANGE PERMISSIONS (IF IN UNIX)
TO PREVENT WORLD FROM ACCESSING FILE
if ($this->isSuccessful)
ReportGenerator::generateHTTPHeaders($newReportFileName); // THIS
CAUSES THE FORCED DOWNLOAD
@unlink(actual_path($newReportFileName)); // FILE HAS BEEN
FORCE-DOWNLOADED AND IS NO LONGER NEEDED ON SERVER
@unlink(actual_path($reportFileName)); // REMOVE THE
TEMPORARY FILE AS WELL, PROVIDED IT EXISTS AND/OR YOU CAN
if ($this->isSuccessful) exit();
[/PHP]
The force-downloaded file you get is completely flooded with HTML,
particularly the HTML of the page itself! I do not understand how this
is possible, particularly since I ran careful traces up until the
headers are spawned, and the resulting file contents are legitimate
report data (no HTML) up until you generate the headers at the end of
the method, then suddenly HTML pours in like a breached levee!
Any ideas? This is as much code as I am able to display that would be
relevant to the problem, I'm afraid.
Thanx
Phil
.
- Follow-Ups:
- Re: force-downloaded report file flooded with HTML by mistake
- From: Jerry Stuckle
- Re: force-downloaded report file flooded with HTML by mistake
- Prev by Date: Re: moving a existing file from one folder to another
- Next by Date: Re: Downloading multiple files in single zip file
- Previous by thread: New cross-language web development framework called Jasper
- Next by thread: Re: force-downloaded report file flooded with HTML by mistake
- Index(es):
Relevant Pages
|
