Is the File Transfer code correct in my PHP? -


i have page supposed download song. download works in firefox me in chrome , safari nothing happens..here code

    public function download() {     if (isset($this->request->get['order_download_id'])) {         $order_download_id = $this->request->get['order_download_id'];     } else {         $order_download_id = 0;     }     $download_info = $this->db->query("select * " . db_prefix . "order_download od left join `" . db_prefix . "order` o on (od.order_id = o.order_id) o.customer_id = '" . (int)$this->customer->getid(). "' , o.order_status_id > '0' , o.order_status_id = '" . (int)$this->config->get('config_download_status') . "' , od.order_download_id = '" . (int)$order_download_id . "'");      if ($download_info->row) {         $file = dir_download . $download_info->row['filename'];         $mask = basename($download_info->row['mask']);         $mime = 'application/octet-stream';         $encoding = 'binary';          if (!headers_sent()) {             if (file_exists($file)) {                 header('pragma: public');                 header('expires: 0');                 header('content-description: file transfer');                 header('content-type: ' . $mime);                 header('content-transfer-encoding: ' . $encoding);                 header('content-disposition: attachment; filename="' . ($mask ? $mask : basename($file)) . '"');                 header('content-length: ' . filesize($file));                 $file = readfile($file, 'rb');                 print($file);             } else {                 exit('error: not find file ' . $file . '!');             }         } else {             exit('error: headers sent out!');         }     } }

i have tried kinds of different things work nothing happening in 2 browsers...any ideas or appreciated...

readfile returns number of bytes sent, , needs not printed out. should remove line print($file);. otherwise, you'll send more bytes content-length header specifies, , lead http clients discard answer.

also, consider strange file names such as

"\r\nlocation: http://evil.com\r\n\r\n<script>alert('xss');</script>

are handling correctly?


Comments

Post a Comment

Popular posts from this blog

c# - SharpSVN - How to get the previous revision? -

i trying find efficient way previous revision of file text comparison using sharpsvn. using (svnclient c = new svnclient()) { c.authentication.defaultcredentials = new networkcredential( configurationmanager.appsettings.get("svnserviceusername") , configurationmanager.appsettings.get("svnservicepassword") , configurationmanager.appsettings.get("svnservicedomain") ); c.authentication.sslservertrusthandlers += new eventhandler<svnsslservertrusteventargs>(authentication_sslservertrusthandlers); collection<svnfileversioneventargs> fileversioncollection = new collection<svnfileversioneventargs>(); svnrevisionrange range = new svnrevisionrange(0, this.hooks.revision); svnfileversionsargs args = new svnfileversionsargs(); args.retrieveproperties = true; args.range = range; foreach (svnchangeitem item in log.changedpaths) { string path = this.repositorypath + it...
Read more

c++ - Is it possible to compile a VST on linux? -

for class project i'm attempting write vst plugin backed cuda. current cuda workflow on linux box, i'd prefer compile , link there. according wikipedia , should possible (i couldn't find steinberg documentation relevant linux) can't find makefile or instructions on how build if aren't using xcode or visual studio. i'm vst 3 sdk doesn't support linux. when try compile plugin under linux, error: ./base/source/fatomic.cpp:39:30: fatal error: libkern/osatomic.h: no such file or directory this issue caused following code in "vst3 sdk/base/source/fatomic.cpp" #if mac #include <libkern/osatomic.h> #if mac_os_x_version_min_required > mac_os_x_version_10_4 #define native_atomic_type (volatile int32_t*) #else #define native_atomic_type (int32_t*) #endif #elif windows #include <windows.h> #endif but hope compiling under linux work vst sdk 2.4. reading. jvstwrapper seems run on lin...
Read more

url - Querystring manipulation of email Address in PHP -

i using third party application (email2http) send me emailid, body , message. unable retrieve email id due name appended on , enclosed < , >. here querystring getting. test.php?from=ajay+reddy &subject=cx&body=somebody when print variable in php returns name , not email id. $from = $_get['from']; echo $from; //output ajay reddy please suggest me how can emailid also. i dont want use post method due testing , debugging. it's working fine. forgot use htmlentities() in debugging.
Read more