将文件下载为附件文件大小不正确 [英] Downloading files as attachment filesize incorrect
问题描述
我正在试图强制链接下载文件作为附件.这是我之前做过的事情,但是出了点问题,我不确定这是什么.我尝试作为附件发送的文件类型均为mp4文件.这是我在做什么:
I'm trying to force a link to download a file as an attachment. This is stuff I have done before but something is going wrong and I'm not sure what it is. The file types I am trying to send as attachments are all mp4 files. Here is what I am doing:
<?php
if(isset($_GET['file']))
{
$file_path = dirname(__FILE__) . "/videos/$_GET[file]";
if(file_exists($file_path))
{
$file_url = "/videos/$_GET[file]";
header ("Content-type: video/mp4");
header("Content-Transfer-Encoding: binary");
header("Content-disposition: attachment; filename=\"".basename($_GET['file']) ."\"");
header("Content-Length: ".filesize($file_path));
echo readfile($file_url);
}
}
?>
如您所见,在尝试提供文件之前,我正在检查文件是否存在.发生了什么事,我得到的文件是正确的(MP4视频),但文件大小仅为100 bty.在调试时,我测试了文件大小是否正确.我已经将readfile()行更改为:
header("location:/videos/$_GET[file]");
As you can see I am checking to see if the file exists before trying to serve it. What happens is I get the file, it's type is correct(MP4 Video) but the file is only around 100 btyes in size. As I was debugging I tested to see if the filesize is correct, it is. I've changed the readfile() line to:
header("location:/videos/$_GET[file]");
,这带我去观看视频.我已经做了很多谷歌搜索,但我还没有提出这种行为的原因.以前有没有人看过这种东西?关于什么可能导致此的任何想法?任何帮助将不胜感激,非常感谢!
and it takes me to the video. I've done a fair bit of Googling and I havn't come up with a reason for this behavoiur. Has anyone seen this type of thing before? Any ideas on what could be causing this? Any help would be very much appreciated, thanks much!
推荐答案
如果打开在文本编辑器中下载的文件的内容,则无疑会看到错误消息.这可能是因为您的路径以/开头.当您从磁盘打开文件时,服务器路径的doc根目录是没有意义的.您需要指定真实路径.
If you open the contents of that file you downloaded in a text editor, you will no doubt see an error message. This is probably because your path starts with /. When you open files from disk, the doc root of your server path is meaningless. You need to specify the real path.
此外,您的脚本非常不安全!任何人都可以从服务器上下载他们想要的任何文件.提供文件之前,请确保检查文件是否在doc根目录下. 从不,用户可以不受限制地指定他们想要的任何文件.您不希望有人做?file=../../../etc/passwd.
Also, your script is terribly insecure! Anyone can download any file they want off your server. Make sure to check that the file is within the doc root before serving it up. Never let a user just specify any file they want without restriction. You don't want some doing ?file=../../../etc/passwd.
这篇关于将文件下载为附件文件大小不正确的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
