I'm in the process of developing a CVS. One of its features will be that the files it contains are served to the user with the use of header('Content-Disposition: attachment;');
Due to my sucky explanation, hopefully this little snippet will clarify what I am trying to achieve (the actual code is different, but the method is the same):
<?php
// is_valid_file_id() is a pseudo function to ensure the file is "allowed"
// $files is an array of the files available to download, keyed by file id
if ((isset($_GET['fid'])) && (is_valid_file_id($_GET['fid']))) {
    // Tell the browser to save the response rather than render it
    header('Content-Disposition: attachment; filename="' . basename($files[$_GET['fid']]) . '";');
    // Copy the file's bytes to the client (was $GET, a typo for $_GET)
    readfile($files[$_GET['fid']]);
} else {
    die('Invalid file specified');
}
?>

As should be quite clear to see, the CVS will be used to store source files. Would there be a way for someone to exploit the disposition (or readfile()) so that, instead of the source being served as a download attachment, it actually runs on the server?
Thanks in advance
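Editor's note, with an added example that is not the poster's code: readfile() only copies a file's bytes into the HTTP response; PHP never parses that output, so the Content-Disposition header by itself cannot cause the served source to execute on the server. The risks in a handler of this shape lie elsewhere: a weakly validated fid that ends up forming a filesystem path (arbitrary file read or traversal), a whitelist entry that points outside the repository directory, and a user-influenced filename interpolated into a response header. The sketch below, written for this page, shows one way to close those gaps. The whitelist $files, the base directory $base, the id format and the function names are all assumptions for illustration.

```php
<?php
// Added example (not the poster's code). Assumes a whitelist array keyed by
// an opaque id -> filename relative to a single base directory ($base).
declare(strict_types=1);

/**
 * Resolve a client-supplied id to an absolute file path, or return null.
 * The id itself never becomes part of a path: it is only a key into $files.
 */
function resolve_download(string $fid, array $files, string $base): ?string
{
    // Accept only the id shape we issue ourselves (assumed: short alphanumerics).
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $fid)) {
        return null;
    }
    if (!array_key_exists($fid, $files)) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $files[$fid]);
    $root      = realpath($base);
    if ($candidate === false || $root === false) {
        return null;
    }
    // Defence in depth: even a bad whitelist entry cannot escape $base.
    if (strpos($candidate, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($candidate) ? $candidate : null;
}

/**
 * Build a header-safe filename: drop control characters, non-ASCII and quotes
 * so the value cannot terminate the header or inject a new one.
 */
function safe_attachment_name(string $name): string
{
    $name = basename($name);
    $name = (string) preg_replace('/[^\x20-\x7E]/', '', $name);
    $name = str_replace(['"', '\\'], '', $name);
    return $name === '' ? 'download' : $name;
}

/** Stream a whitelisted file as a raw download. */
function send_download(string $path, string $name): void
{
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');   // stop browsers guessing a type
    header('Content-Length: ' . (string) filesize($path));
    header('Content-Disposition: attachment; filename="' . safe_attachment_name($name) . '"');
    readfile($path);   // copies bytes to the client; PHP never interprets them
}

// Constructed usage data: ids map to paths relative to $base (both assumed).
$base  = __DIR__ . '/repo';
$files = [
    'a1b2' => 'src/main.php',
    'c3d4' => 'README.md',
];

$fid  = isset($_GET['fid']) ? (string) $_GET['fid'] : '';
$path = resolve_download($fid, $files, $base);
if ($path === null) {
    http_response_code(404);
    exit('Invalid file specified');
}
send_download($path, $files[$fid]);
```

A request such as fid=../../etc/passwd fails the id pattern before any filesystem call, and a whitelist entry that resolves outside $base is rejected by the realpath prefix check. Current PHP already refuses header() values containing a newline, but stripping them in safe_attachment_name() keeps the header predictable regardless of PHP version and also removes quote characters that would otherwise break the quoted filename.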