Not downloading in IE - works in FF

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Not downloading in IE - works in FF

Post by Luke »

The following is a script used for downloading all kinds of documents. I did not write it. It works for Firefox, but in IE, it gives me an error: "the requested site is not available or cannot be found"
It is attempting to download over SSL

Code: Select all

if (isset($_GET['action']) && $_GET['action'] == "download")
{
    session_cache_limiter("public, post-check=50");
    header("Cache-Control: private");
}
//if (isset($session_save_path)) session_save_path($session_save_path);

if (isset($_GET['path'])) $path = validate_path($_GET['path']);
if (!isset($path)) $path = FALSE;
if ($path == "./" || $path == ".\\" || $path == "/" || $path == "\\") $path = FALSE;
if (isset($_GET['filename'])) $filename = basename(stripslashes($_GET['filename']));
if ($user->has_priv('dnld_file') || $user->has_priv('view_file'))
{
 if (isset($_GET['filename']) && isset($_GET['action']) && is_file($GLOBALS['home_directory']  . $user->user_dir.$path.$filename) || is_file("../".$GLOBALS['home_directory']  . $user->user_dir.$path.$filename))
 {
  if (is_file($GLOBALS['home_directory']  . $user->user_dir.$path.$filename) && !strstr($GLOBALS['home_directory']  . $user->user_dir, "./") && !strstr($GLOBALS['home_directory']  . $user->user_dir, ".\\"))
   $fullpath = $GLOBALS['home_directory']  . $user->user_dir.$path.$filename;
  else if (is_file("../".$GLOBALS['home_directory']  . $user->user_dir.$path.$filename))
   $fullpath = "../".$GLOBALS['home_directory']  . $user->user_dir.$path.$filename;
  if (!$user->has_priv('dnld_file') && $user->has_priv('view_file') && !is_viewable_file($filename))
  {
   print "<font color='#CC0000'>$StrAccessDenied</font>";
   exit();
  }
  header("Content-Type: ".get_mimetype($filename));
  header("Content-Length: ".filesize($fullpath));
  if ($_GET['action'] == "download" && $user->has_priv('dnld_file'));
   header("Content-Disposition: attachment; filename=$filename");
  readfile($fullpath);
 }
 else
  print "<font color='#CC0000'>$StrDownloadFail</font>";
}
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

what a mess it was...

Code: Select all

if(
    isset($_GET['action']) 
    && $_GET['action'] == "download"
) {
    session_cache_limiter("public, post-check=50");
    header("Cache-Control: private");
}
//if (isset($session_save_path)) session_save_path($session_save_path);

if(isset($_GET['path'])) 
    $path = validate_path($_GET['path']);

if(!isset($path)) 
    $path = FALSE;

if(
    $path == "./" 
    || $path == ".\\" 
    || $path == "/" 
    || $path == "\\"
) {
    $path = FALSE;
}

if(isset($_GET['filename'])) 
    $filename = basename(stripslashes($_GET['filename']));

if(
    $user->has_priv('dnld_file') 
    || $user->has_priv('view_file')
) {
    if(
        isset($_GET['filename']) 
        && isset($_GET['action']) 
        && is_file($GLOBALS['home_directory'] . $user->user_dir . $path . $filename)
        || is_file("../" . $GLOBALS['home_directory'] . $user->user_dir . $path . $filename)
    ) {
        if(
            is_file($GLOBALS['home_directory'] . $user->user_dir . $path . $filename) 
            && !strstr($GLOBALS['home_directory'] . $user->user_dir, "./") 
            && !strstr($GLOBALS['home_directory'] . $user->user_dir, ".\\")
        ) {
            $fullpath = $GLOBALS['home_directory'] . $user->user_dir . $path . $filename;
        } elseif(is_file("../" . $GLOBALS['home_directory'] . $user->user_dir . $path . $filename)) {
            $fullpath = "../".$GLOBALS['home_directory']  . $user->user_dir.$path.$filename;
        }
        if(
            !$user->has_priv('dnld_file') 
            && $user->has_priv('view_file') 
            && !is_viewable_file($filename)
        ) {
            print "<font color='#CC0000'>$StrAccessDenied</font>";
            exit();
        }
        
        header("Content-Type: " . get_mimetype($filename));
        header("Content-Length: " . filesize($fullpath));
        if(
            $_GET['action'] == "download" 
            && $user->has_priv('dnld_file')
        ) {// ; here has been semicolon (IMO it's not needed)
            header("Content-Disposition: attachment; filename=$filename");
        }
        readfile($fullpath);
    } else {
        print "<font color='#CC0000'>$StrDownloadFail</font>";
    }
}
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Still not working...
I believe the problem has something to do with this:

http://support.microsoft.com/default.as ... -us;316431

Because I am getting this error:

Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.

But it looks like the code you posted should take care of the problem... but it doesn't.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

MSDN wrote:RESOLUTION
Web sites that want to allow this type of operation should remove the no-cache header or headers.
Have you tried changing your headers? Apparently, this:

Code: Select all

Pragma: no-cache
Cache-control: no-cache,max-age=0,must-revalidate
could kill it. Maybe play around with the sent headers to see if you can force it that way?
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Yes... the code that is posted has this header:

Cache-Control: private

And that doesn't fix it.
printf
Forum Contributor
Posts: 173
Joined: Wed Jan 12, 2005 5:24 pm

Post by printf »

IE before 5.5 and after 5.5 doesn't support attachment; for a disposition only IE 5.5 does. Also RFC 2068 states that +Content-Disposition+ header must contain the filename="?" encloded in quotes, and the +Content-Type+ header must contain the the mime/type, followed by the name="?" for the file name! Also Cache-Control: private, is not valid for a file type header, the only Cache-Control that is allowed for a file type header (image, file) is +max-age=+, this for both HTTP/1.0 and HTTP/1.1. If using +max-age=+, then the +Exipre+ header must always be included after the Cache-Control +max-age=+ header.

Code: Select all

header ( 'Cache-control: max-age=31536000' );
header ( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header ( 'Content-Length: ' . filesize ( $fullpath ) );
header ( 'Content-Disposition: filename="' . $filename . '"' );
header ( 'Content-Type: ' . get_mimetype ( $filename ) . '; name="' . $filename . '"' );
readfile ( $fullpath );

pif
ckuipers
Forum Commoner
Posts: 61
Joined: Mon Mar 24, 2003 6:10 am

Post by ckuipers »

Try adding this

Code: Select all

header('Pragma: any', true);
Worked for me!
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Thanks guys... it's working now. I need to read up on http protocol a little I think.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

I have not tried the Pragma setting, but I know that simply adding following makes IE work (private does not):

Cache-control: must-revalidate
(#10850)
Post Reply