7

Working with CakePHP and Java Web Start I'm generating the necessary .jnlp-file within a controller in which among other things I set the filename as a header-field. That works fine as long I'm not trying to use special chars in the filenames. However, I'd like to enable every character that is possible on the main operating systems as a filename. So what I try to do is removing all the invalid characters by replacing them through empty strings. But there seems to be a problem with whitespaces which should be allowed in filenames.

That's the code:

$panel_id = 1
$panelname = 'w h i t e s p a c e s';
$filename = sprintf('"Project_%d_%s.jnlp"', $panel_id, $panelname);
$invalid_chars = array('<', '>', '?', '"', ':', '|', '\\', '/', '*', '&');
$filename = str_replace($invalid_filenamechars, '', $filename);
$this->header('Content-Disposition: attachment; filename=' . $filename);

When I do that, the resulting filename in the header is 'Project_1_w h i t e s p a c e', while Windows 7 wants to save the file as 'Project_1_w'. So it seems that my OS doesn't accept unescaped whitespaces in filenames? I would be happy with that explanation if it wasn't for the following: I left the lines 4 and 5, so that the code looks

$panel_id = 1
$panelname = 'w h i t e s p a c e s';
$filename = sprintf('"Project_%d_%s.jnlp"', $panel_id, $panelname);
$this->header('Content-Disposition: attachment; filename=' . $filename);

And now Windows is willing to save the file with all its whitespaces, still I cannot understand why. If I look at the filenames in the headers by using wireshark, both are the same. And if the sprintf-line is replaced by $filename = 'w h i t e s p a c e' or even $filename = $panelname it cuts the filename as in the first codesnippet. But I can replace the sprintf with the dottet-string-concat syntax and it works.

Can anyone tell me, what I'm overlooking?

Improve this question
1
  • 2
    Strictly, you are supposed surround the file name in double quotes in the header: Content-Disposition: attachment; filename="My File Name.ext". If you do this, does it fix the problem? Commented Aug 31, 2011 at 10:32

2 Answers 2

Reset to default
7

The difference is the double quotes. With the first code you'll end up with:

Content-Disposition: attachment; filename=Project_1_w h i t e s p a c e s.jnlp

with the second code you'll end up with:

Content-Disposition: attachment; filename="Project_1_w h i t e s p a c e s.jnlp"

What you probably want is something like:

$panel_id = 1;
$panelname = 'w h i t e s p a c e s';
$filename = sprintf('"Project_%d_%s.jnlp"', $panel_id, $panelname);
$invalid_chars = array('<', '>', '?', '"', ':', '|', '\\', '/', '*', '&');
$filename = str_replace($invalid_filenamechars, '', $filename);
$this->header('Content-Disposition: attachment; filename="'.$filename.'"');

This strips any double quotes within $filename, but then makes sure that $filename is always surrounded by double quotes.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Okay, now I feel stupid. Should have seen that by looking at the header. Thanks!
Yes! The trick is to use single quotes around the entire header string, and double quotes around the file name. Some browsers will have a problem downloading/saving the file (firefox on mac) if it is not exactly like this.
3

RFC2616, which is the HTTP/1.1 spec, says this:

The Content-Disposition response-header field has been proposed as a means for the origin server to suggest a default filename if the user requests that the content is saved to a file. This usage is derived from the definition of Content-Disposition in RFC 1806. 

    content-disposition = "Content-Disposition" ":"
                          disposition-type *( ";" disposition-parm )
    disposition-type = "attachment" | disp-extension-token
    disposition-parm = filename-parm | disp-extension-parm
    filename-parm = "filename" "=" quoted-string
    disp-extension-token = token
    disp-extension-parm = token "=" ( token | quoted-string )

An example is Content-Disposition: attachment; filename="fname.ext"

Thus, sending this:

header('Content-Disposition: attachment; filename="' . $filename . '"');

conforms to the second form (quoted-string) and should do what you expect it to - take care to only send SPACE (ASCII dec 32 / hex 20) as whitespace, not some of the other fancy whitespace characters.

Improve this answer

5 Comments

FYI, RFC2616 (HTTP/1.1) defines the filename value portion as a quoted-string.
@DaveRandom: Thanks, that's good to know. You are in a maze of twisty little standards, all different.
Indeed you are, and because the same things are defined a thousand times it is difficult to know what to do. I think I have probably read RFC2616 through 300 times, it is the only one I ever really read. There are so many things that other RFCs say you can do, but HTTP doesn't allow them, that I rarely believe anything I read anywhere else. If you want some fun (confusing) reading and you're bored one day, have a go with RFC959 (FTP) and enjoy all the directly conflicting statements...
@DaveRandom: I initially looked to RFC2616 for the header, but didn't find it (as it's in its very own section, completely apart from all the other headers). Will edit.
The relevant RFC is RFC 6266. Also keep in mind that more work is needed if you need to support characters outside the ISO-8859-1 range.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.