2

I've made a small PHP script which is supposed to allow visitors to download files from my server. The way it works is it takes one of the files, gets the basename and sends the headers as well as the file to the client.

However, when downloading a file I sometimes get index.php and sometimes get proper_file_name.zip.

I don't really know why it sometimes works and why it sometimes doesn't work. Any advice would be highly appreciated.

This is the relevant part of my source code:

// Client requested custom byte range
if(isset($_SERVER['HTTP_RANGE'])) 
{ 
  $range = explode('-', substr($_SERVER['HTTP_RANGE'], 6));
  $seekStart = intval($range[0]);

  if ($range[1] > 0)
    $seekEnd = intval($range[1]);

  header('HTTP/1.1 206 Partial Content');
  header(sprintf('Content-Range: bytes %d-%d/%d', $seekStart, $seekEnd, $size_vfile));
}
else // Set headers for full file
  header('HTTP/1.1 200 OK');

// Get basename of filename
$filename = basename($filename);

// Send headers to client
header('Cache-Control: private');
header('Content-Type: application/octet-stream'); 
header("Content-Disposition: attachment; filename=\"$filename\"");
header('Content-Transfer-Encoding: binary');
header('Content-Description: File Transfer');
header('Content-Length: '.$file_size);
header('Accept-Ranges: bytes');
Improve this question
2
  • I was having this same problem with smarty. :O can you show us the headers you get back after the request has finished from jfiddler? Commented Sep 3, 2012 at 22:19
  • 2
    You have an unitialized variable use at $filename = basename($filename); - please show us the preceding code, where this is fixed up. If $filenameis empty, you end up with exactly this behaviour! Commented Sep 3, 2012 at 22:23

2 Answers 2

Reset to default
1

Do you sanitize the filename?

Not all browsers accept all characters. Note that a " will be a 100% guaranteed break, but other characters will give problems. You can probably find out which are giving you problems by noting the filesnames that don't come through.

You may want to sanitize the $filename by removing any characters that may not be liked. Here's some reading about it : http://greenbytes.de/tech/tc2231/

Use str_replace() to change the characters it doesn't like.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

You were right, this really was a filename related issue. I filter 'bad' filenames with str_replace and it seems to work now. Thanks for your answer!
1

You are using the basename, so you are dependant on your working directory. Just change to the right directory before downloading the file

Improve this answer

1 Comment

Thanks for your answer, but the file also downloads when the file name is index.php, so the server obviously finds the file.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.