Page 1 of 1

Not downloading in IE - works in FF

Posted: Mon Jul 17, 2006 12:38 pm
by Luke
The following is a script used for downloading all kinds of documents. I did not write it. It works for Firefox, but in IE, it gives me an error: "the requested site is not available or cannot be found"
It is attempting to download over SSL

Code: Select all

if (isset($_GET['action']) && $_GET['action'] == "download")
{
    session_cache_limiter("public, post-check=50");
    header("Cache-Control: private");
}
//if (isset($session_save_path)) session_save_path($session_save_path);

if (isset($_GET['path'])) $path = validate_path($_GET['path']);
if (!isset($path)) $path = FALSE;
if ($path == "./" || $path == ".\\" || $path == "/" || $path == "\\") $path = FALSE;
if (isset($_GET['filename'])) $filename = basename(stripslashes($_GET['filename']));
if ($user->has_priv('dnld_file') || $user->has_priv('view_file'))
{
 if (isset($_GET['filename']) && isset($_GET['action']) && is_file($GLOBALS['home_directory']  . $user->user_dir.$path.$filename) || is_file("../".$GLOBALS['home_directory']  . $user->user_dir.$path.$filename))
 {
  if (is_file($GLOBALS['home_directory']  . $user->user_dir.$path.$filename) && !strstr($GLOBALS['home_directory']  . $user->user_dir, "./") && !strstr($GLOBALS['home_directory']  . $user->user_dir, ".\\"))
   $fullpath = $GLOBALS['home_directory']  . $user->user_dir.$path.$filename;
  else if (is_file("../".$GLOBALS['home_directory']  . $user->user_dir.$path.$filename))
   $fullpath = "../".$GLOBALS['home_directory']  . $user->user_dir.$path.$filename;
  if (!$user->has_priv('dnld_file') && $user->has_priv('view_file') && !is_viewable_file($filename))
  {
   print "<font color='#CC0000'>$StrAccessDenied</font>";
   exit();
  }
  header("Content-Type: ".get_mimetype($filename));
  header("Content-Length: ".filesize($fullpath));
  if ($_GET['action'] == "download" && $user->has_priv('dnld_file'));
   header("Content-Disposition: attachment; filename=$filename");
  readfile($fullpath);
 }
 else
  print "<font color='#CC0000'>$StrDownloadFail</font>";
}

Posted: Mon Jul 17, 2006 12:59 pm
by Weirdan
what a mess it was...

Code: Select all

if(
    isset($_GET['action']) 
    && $_GET['action'] == "download"
) {
    session_cache_limiter("public, post-check=50");
    header("Cache-Control: private");
}
//if (isset($session_save_path)) session_save_path($session_save_path);

if(isset($_GET['path'])) 
    $path = validate_path($_GET['path']);

if(!isset($path)) 
    $path = FALSE;

if(
    $path == "./" 
    || $path == ".\\" 
    || $path == "/" 
    || $path == "\\"
) {
    $path = FALSE;
}

if(isset($_GET['filename'])) 
    $filename = basename(stripslashes($_GET['filename']));

if(
    $user->has_priv('dnld_file') 
    || $user->has_priv('view_file')
) {
    if(
        isset($_GET['filename']) 
        && isset($_GET['action']) 
        && is_file($GLOBALS['home_directory'] . $user->user_dir . $path . $filename)
        || is_file("../" . $GLOBALS['home_directory'] . $user->user_dir . $path . $filename)
    ) {
        if(
            is_file($GLOBALS['home_directory'] . $user->user_dir . $path . $filename) 
            && !strstr($GLOBALS['home_directory'] . $user->user_dir, "./") 
            && !strstr($GLOBALS['home_directory'] . $user->user_dir, ".\\")
        ) {
            $fullpath = $GLOBALS['home_directory'] . $user->user_dir . $path . $filename;
        } elseif(is_file("../" . $GLOBALS['home_directory'] . $user->user_dir . $path . $filename)) {
            $fullpath = "../".$GLOBALS['home_directory']  . $user->user_dir.$path.$filename;
        }
        if(
            !$user->has_priv('dnld_file') 
            && $user->has_priv('view_file') 
            && !is_viewable_file($filename)
        ) {
            print "<font color='#CC0000'>$StrAccessDenied</font>";
            exit();
        }
        
        header("Content-Type: " . get_mimetype($filename));
        header("Content-Length: " . filesize($fullpath));
        if(
            $_GET['action'] == "download" 
            && $user->has_priv('dnld_file')
        ) {// ; here has been semicolon (IMO it's not needed)
            header("Content-Disposition: attachment; filename=$filename");
        }
        readfile($fullpath);
    } else {
        print "<font color='#CC0000'>$StrDownloadFail</font>";
    }
}

Posted: Mon Jul 17, 2006 1:22 pm
by Luke
Still not working...
I believe the problem has something to do with this:

http://support.microsoft.com/default.as ... -us;316431

Because I am getting this error:

Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.

But it looks like the code you posted should take care of the problem... but it doesn't.

Posted: Mon Jul 17, 2006 1:33 pm
by RobertGonzalez
MSDN wrote:RESOLUTION
Web sites that want to allow this type of operation should remove the no-cache header or headers.
Have you tried changing your headers? Apparently, this:

Code: Select all

Pragma: no-cache
Cache-control: no-cache,max-age=0,must-revalidate
could kill it. Maybe play around with the sent headers to see if you can force it that way?

Posted: Mon Jul 17, 2006 1:35 pm
by Luke
Yes... the code that is posted has this header:

Cache-Control: private

And that doesn't fix it.

Posted: Tue Jul 18, 2006 12:52 am
by printf
IE before 5.5 and after 5.5 doesn't support attachment; for a disposition only IE 5.5 does. Also RFC 2068 states that +Content-Disposition+ header must contain the filename="?" encloded in quotes, and the +Content-Type+ header must contain the the mime/type, followed by the name="?" for the file name! Also Cache-Control: private, is not valid for a file type header, the only Cache-Control that is allowed for a file type header (image, file) is +max-age=+, this for both HTTP/1.0 and HTTP/1.1. If using +max-age=+, then the +Exipre+ header must always be included after the Cache-Control +max-age=+ header.

Code: Select all

header ( 'Cache-control: max-age=31536000' );
header ( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header ( 'Content-Length: ' . filesize ( $fullpath ) );
header ( 'Content-Disposition: filename="' . $filename . '"' );
header ( 'Content-Type: ' . get_mimetype ( $filename ) . '; name="' . $filename . '"' );
readfile ( $fullpath );

pif

Posted: Tue Jul 18, 2006 1:28 am
by ckuipers
Try adding this

Code: Select all

header('Pragma: any', true);
Worked for me!

Posted: Tue Jul 18, 2006 10:19 am
by Luke
Thanks guys... it's working now. I need to read up on http protocol a little I think.

Posted: Tue Jul 18, 2006 1:19 pm
by Christopher
I have not tried the Pragma setting, but I know that simply adding following makes IE work (private does not):

Cache-control: must-revalidate