is this code safe? (download.php)
Posted: Sat Dec 29, 2007 5:40 pm
Just wondering, when this code is used to download an image off of the website (not localhost), is the code safe? I read something somewhere that said it's possible to do an overflow attack on it by modifying the image file:
And let's say the code checks to make sure that the filename is a valid image. Thanks.
Code:
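<?php
// Remote image to hand to the browser as a download
$filename = 'http://whatever.com/image.jpg';
// filesize() cannot stat an http:// URL, so fetch the body and measure it instead
$data = file_get_contents($filename);
if ($data === false) { http_response_code(502); exit; }
header("Content-Disposition: attachment; filename=\"" . basename($filename) . "\"");
header("Content-Type: application/octet-stream");
header("Content-Length: " . strlen($data));
header("Pragma: no-cache");
header("Expires: 0");
echo $data;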
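An added example, not part of the original post: one way the "valid image" check mentioned in the question could look if the URL ever came from user input, deciding validity from the fetched bytes rather than from the name in the URL. The function names, host allowlist, size cap and fixed download name are assumptions made for illustration, and the code assumes PHP 7.1+ with the fileinfo extension.

```php
<?php
// Added example: function names, host allowlist and size cap are assumptions.
const ALLOWED_HOSTS = ['whatever.com'];      // hosts the script may fetch from
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES     = 5 * 1024 * 1024;       // refuse bodies larger than 5 MiB

/** Return [mime, bytes] for an allowed remote image, or null if any check fails. */
function fetch_image(string $url): ?array
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return null;
    }
    // Only http(s) to known hosts: rejects file://, php:// and unlisted servers.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || !in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return null;
    }
    // Do not follow redirects; read one byte past the cap to detect oversize bodies.
    $ctx  = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
    $data = @file_get_contents($url, false, $ctx, 0, MAX_BYTES + 1);
    if ($data === false || $data === '' || strlen($data) > MAX_BYTES) {
        return null;
    }
    // Decide the type from the bytes themselves, not from the file extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($data);
    return is_string($mime) && array_key_exists($mime, ALLOWED_TYPES) ? [$mime, $data] : null;
}

/** Send the image as a download under a server-chosen filename. */
function send_download(string $mime, string $data): void
{
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');   // browser must not re-guess the type
    header('Content-Disposition: attachment; filename="image.' . ALLOWED_TYPES[$mime] . '"');
    header('Content-Length: ' . strlen($data));
    echo $data;
}

if (PHP_SAPI !== 'cli') {   // serve only when run under a web server
    $image = fetch_image('http://whatever.com/image.jpg');
    if ($image === null) {
        http_response_code(400);
        exit;
    }
    send_download(...$image);
}
```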