Are there any security issues with Content-disposition?
Posted: Tue Apr 04, 2006 4:41 am
Hi folks,
I'm in the process of developing a CVS, one of the features of this will be the files contained are served to the user, with the use of header('Content-Disposition: attachment;');
Due to my sucky explanation, hopefully this little snippet will clarify what I am trying to achieve (the actual code is different, but the method is the same):
now aside from any typo's, missing braces etc. are there any security holes that can be exploited with the above method?
As should be quite clear to see, the CVS will be used to store source files - would there be a way for someone to exploit the disposition (or readfile()) so that instead of the source being served as a download attachment, that it will actually run on the server?
Thanks in advance
I'm in the process of developing a CVS, one of the features of this will be the files contained are served to the user, with the use of header('Content-Disposition: attachment;');
Due to my sucky explanation, hopefully this little snippet will clarify what I am trying to achieve (the actual code is different, but the method is the same):
Code: Select all
<?php
//is_valid_file_id() is a pseudo function to ensure the file is "allowed"
// $files is an array of the files available to download..
if ((isset($_GET['fid'])) && (is_valid_file_id($_GET['fid']))) {
header('Content-Disposition: attachment; filename="' . basename($files[$_GET['fid']]) . '";');
readfile($files[$GET['fid']);
} else {
die('Invalid file specified');
}
?>As should be quite clear to see, the CVS will be used to store source files - would there be a way for someone to exploit the disposition (or readfile()) so that instead of the source being served as a download attachment, that it will actually run on the server?
Thanks in advance