PHP - How to set the full directory path in Content-Disposition?

I pass the file name to the download page.
  i.e. somefile.xls

The download page adds the full directory path back to the file name.
  i.e. c:\temp\somefile.xls

The problem is that now setting the "Content-Disposition" header does not work. The name of the file that it wants to download is the full directory path of the file, i.e. c_temp_somefile

Can Content-Disposition handle the full path?

If possible, how can I get the script to download the file correctly?

Code:

$myad = $_GET['myad'];
$glob_string =  realpath('/foldera/folderb/folderc'). DIRECTORY_SEPARATOR .$myad;

header('Content-Type: application/excel');
$headerstring = 'Content-Disposition: attachment; filename='.$glob_string;
header($headerstring);
readfile($myad);

UPDATED code (from answers):

$myad = $_GET['myad'];
$glob_string =  realpath('/mit/mit_tm/mrl_bol'). DIRECTORY_SEPARATOR .$myad;

header('Content-Type: application/excel');
$headerstring = 'Content-Disposition: attachment; filename='.$myad;
header($headerstring);
readfile($glob_string);    
+3
4 answers

, ($myad).

$_GET['myad'], script (readfile() ). !

realpath, , , basename() , . Content-Disposition, readfile().


: - . $_GET['myad'] ../../../some/full/path, script .

- :

$myad = $_GET['myad'];

$rootDir = realpath('/mit/mit_tm/mrl_bol');
$fullPath = realpath($rootDir . '/' . $myad);

// Note that, on UNIX systems, realpath() will return false if a path
// does not exist, but an absolute non-existing path on Windows.
if ($fullPath && is_readable($fullPath) && dirname($fullPath) === $rootDir) {
    // OK, the requested file exists and is in the allowed root directory.
    header('Content-Type: application/excel');
    // basename() returns just the file name.
    header('Content-Disposition: attachment; filename=' . basename($fullPath));
    readfile($fullPath);
}
+8
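
The containment check from the answer above, run against constructed request values, as an added example that is not part of the original post. The helper names resolve_download() and content_disposition() are hypothetical, the temp directory and its files are constructed for the demo, and the quoting of the filename value goes slightly beyond the answer's snippet.

```php
<?php
// Added example: resolve a user-supplied name inside one allowed directory and
// build the Content-Disposition header from the base name only.

function resolve_download(string $rootDir, string $requested): ?string
{
    $root = realpath($rootDir);
    if ($root === false) {
        return null;
    }
    // realpath() collapses ".." and symlinks; false means the path does not exist.
    $full = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full) || !is_readable($full)) {
        return null;
    }
    // Same rule as the answer: the file must sit directly in the allowed root.
    return dirname($full) === $root ? $full : null;
}

function content_disposition(string $fullPath): string
{
    // Replace control characters, quotes and backslashes so the name cannot
    // end the quoted value or start a new header line.
    $name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($fullPath));
    return 'Content-Disposition: attachment; filename="' . $name . '"';
}

// Constructed sandbox: an allowed root with one report, and a file outside it.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . getmypid();
$root = $base . DIRECTORY_SEPARATOR . 'reports';
mkdir($root, 0700, true);
file_put_contents($root . DIRECTORY_SEPARATOR . 'somefile.xls', 'constructed sample');
file_put_contents($base . DIRECTORY_SEPARATOR . 'secret.txt', 'outside the root');

// Constructed values standing in for $_GET['myad'].
foreach (['somefile.xls', '../secret.txt', 'missing.xls', '.', ''] as $myad) {
    $full = resolve_download($root, $myad);
    echo str_pad(var_export($myad, true), 18),
         $full === null ? 'rejected' : content_disposition($full), PHP_EOL;
}

// Clean up the sandbox.
unlink($root . DIRECTORY_SEPARATOR . 'somefile.xls');
unlink($base . DIRECTORY_SEPARATOR . 'secret.txt');
rmdir($root);
rmdir($base);
```

Only 'somefile.xls' yields a header line; in a real download script the caller would pass that line to header() and the resolved path to readfile(), and send a 404 for every rejected value.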

Content-Disposition , , , .

Content-Disposition , - .

, , .

+9

. , : .

+3

, , , Content-Type excel , , Microsoft , Microsoft word is application/vnd.openxmlformats-officedocument.wordprocessingml.document

0

Source: https://habr.com/ru/post/1723254/

