Re: [PHP] Show filenames using Wildcards -- The glob() Solution!
- From: jochem@xxxxxxxxxxxxx (Jochem Maas)
- Date: Fri, 30 Mar 2007 16:55:29 +0200
Rahul Sitaram Johari wrote:
Ave,
You will probably find this code pretty inefficient, although it works
flawlessly, but I ran into a problem with Internet Explorer 7, which instead
of giving the "Save as" dialog box, tried opening the file within the
Internet Explorer 7 window and displayed millions of bizarre characters on
the screen. In order to bypass that, I used a force-download method. And I
can tell you it's probably a crappy version of it. So I'm definitely
interested in and anxious to get improvement suggestions on the code.
Here's the code (and please don't kill me):
why would I kill you? what did you do? are you Donald Rumsfeld?

<?php

you need to sanitize $F, and stop using 'register_globals', and check the file
exists and other stuff like that (you know - check stuff!).

if (!isset($_GET['F']))
    die('bad dog!');
$F = '/path/to/you/files/'.basename($_GET['F']);
if (!file_exists($F))
    die('very bad dog!');
if (!is_readable($F))
    die('I am a bad dog!');

header("Content-Description: File Transfer");
header("Content-Type: application/force-download");
header("Content-Disposition: attachment; filename=".basename($F));
// this will probably fix the IE problem - personally I always refer to
// Richard Lynch's rant on the subject of download headers when I get stuck
header("Content-Disposition: download; filename=".basename($F));
header("Content-Length: ".filesize($F));
@readfile($F);

only php gods are entitled to use @ - the rest of us will get bitten in the
ass by a bad dog sooner or later. don't repress errors unless there is no other recourse
(0.00% of the time you come across a situation where you can't do without it -
this is not one of those times), instead check your input (and function return
values) properly and act accordingly

?>.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: http://www.rahulsjohari.com
E: sleepwalker@xxxxxxxxxxxxxxxx
"I morti non sono piu soli ... The dead are no longer lonely"
On 3/30/07 10:31 AM, "Jochem Maas" <jochem@xxxxxxxxxxxxx> wrote:
Rahul Sitaram Johari wrote:
Ave,...
VALUE='takekey_download.php?F=vox/".basename($value)."'>".basename($value)."

show us the code for takekey_download.php, we may be able to save you
on a major security issue with regard to the way you use the F get parameter.

</option>";
}
?>
</SELECT>
</FORM>
Thanks!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: http://www.rahulsjohari.com
E: sleepwalker@xxxxxxxxxxxxxxxx
"I morti non sono piu soli ... The dead are no longer lonely"
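
An added example, not code from this thread: a download handler that applies the checks discussed above (validate the F parameter, confirm the file exists and is readable, check return values instead of using @). It goes one step beyond basename() by resolving the path with realpath() and confirming it stays under the storage root, so a subdirectory such as vox/ can be kept. BASE_DIR and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. BASE_DIR is an assumed storage
// root; the "F" query parameter is the one discussed above.
const BASE_DIR = '/path/to/your/files';

/** Map an untrusted request value to a real file below $baseDir, or null. */
function resolve_download(string $baseDir, $requested): ?string
{
    $base = realpath($baseDir);
    // Reject arrays (?F[]=x), empty values and NUL bytes before touching disk.
    if ($base === false || !is_string($requested) || $requested === ''
        || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means no such path.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real) || !is_readable($real)) {
        return null;
    }
    // Containment: the resolved path must still sit below the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

/** Build a Content-Disposition value with a quoted, header-safe filename. */
function disposition_header(string $path): string
{
    // Replace control characters (CR/LF), double quotes and backslashes.
    $name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($path));
    return 'Content-Disposition: attachment; filename="' . $name . '"';
}

$file = resolve_download(BASE_DIR, $_GET['F'] ?? null);
if ($file === null) {
    http_response_code(404);
    exit('File not found');
}
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header(disposition_header($file));
header('Content-Length: ' . filesize($file));
if (readfile($file) === false) {
    error_log('download failed: ' . $file);   // check the result instead of using @
}
```

The same 404 response is returned for a missing file, an unreadable file and a path that resolves outside the root, so the response does not reveal which paths exist elsewhere on the server.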