Help understand this PHP code download file


Problem description


I want to download a doc file located at http://confluence.rogersdigitalmedia.com/exportword?pageId=1114407. How can I modify the following code to download a file from that URL?

And can someone please explain what this code does in its current state, what does it download, a file from a directory?

<?php

// place this code inside a php file and call it f.e. "download.php"
$path = $_SERVER['DOCUMENT_ROOT']."/path2file/"; // change the path to fit your websites document structure
$fullPath = $path.$_GET['download_file'];

if ($fd = fopen ($fullPath, "r")) {
    $fsize = filesize($fullPath);
    $path_parts = pathinfo($fullPath);
    $ext = strtolower($path_parts["extension"]);
    switch ($ext) {
        case "pdf":
        header("Content-type: application/pdf"); // add here more headers for diff. extensions
        header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
        break;
        default:
        header("Content-type: application/octet-stream");
        header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
    }
    header("Content-length: $fsize");
    header("Cache-control: private"); //use this to open files directly
    while(!feof($fd)) {
        $buffer = fread($fd, 2048);
        echo $buffer;
    }
    fclose($fd); // close the handle only when fopen() succeeded
}
exit;
// example: place this kind of link into the document where the file download is offered:
// <a href="download.php?download_file=some_file.pdf">Download here</a>
?>

Solution

This code is supposed to download files through PHP. Usually, it's used to hide the directory containing the downloads, or to download files which were otherwise inaccessible because the files are outside the web root. Another use for such a script is to offer downloads for authorized users; you'd have to put an authentication check in the script.

If the file has a PDF extension, the download is offered with the PDF MIME type, so browsers can open it in a PDF viewer. Other files are offered as binary files which can be saved.

Do not use this script "as-is". It contains a huge security vulnerability which allows an attacker to view arbitrary files on your system (path traversal). Replace the line:

$fullPath = $path.$_GET['download_file'];

with the following to make it a bit more secure:

$fullPath = $path . basename($_GET['download_file']);

Even better: implement whitelisting by allowing filenames within an allowed character set and rejecting other invalid filenames.


Downloading an external file is as easy as following the example of cURL:

<?php

$ch = curl_init("http://www.example.com/");
$fp = fopen("example_homepage.txt", "w");

curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_HEADER, 0);

curl_exec($ch);
curl_close($ch);
fclose($fp);
?>

Since I've no clue about the URL of your download, I'll leave the original URLs and filenames from the PHP example.
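
The allowlist the answer recommends, combined with basename() and a realpath() containment check, as an added example that is not part of the original answer. resolve_download() is a hypothetical helper, and the /path2file directory is taken from the question's script.

```php
<?php
// Added example, not the answer's code: allowlist check plus containment check.
// Assumption: downloads live in DOCUMENT_ROOT/path2file/ as in the question.

/**
 * Return the absolute path for a requested download, or null when the
 * name is not acceptable. resolve_download() is a hypothetical helper.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    // Allowlist: letters, digits, dot, underscore, hyphen; must start with
    // a letter or digit, so "..", ".htaccess" and any "/" or "\" are rejected.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    // basename() is kept as a second layer, as the answer suggests.
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . basename($requested));
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // realpath() resolves symlinks; the result must still be inside $base.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

// Run the request handling only when served by a web server, not from the CLI.
if (PHP_SAPI !== 'cli') {
    $name = $_GET['download_file'] ?? '';
    $file = is_string($name)
        ? resolve_download($_SERVER['DOCUMENT_ROOT'] . '/path2file', $name)
        : null;
    if ($file === null) {
        http_response_code(404);
        exit;
    }
    $isPdf = strtolower(pathinfo($file, PATHINFO_EXTENSION)) === 'pdf';
    header('Content-Type: ' . ($isPdf ? 'application/pdf' : 'application/octet-stream'));
    header('Content-Disposition: attachment; filename="' . basename($file) . '"');
    header('Content-Length: ' . filesize($file));
    header('X-Content-Type-Options: nosniff');
    readfile($file);
    exit;
}
```

Because the allowlist restricts the name to a fixed character set, the value placed in the Content-Disposition header cannot contain quotes or line breaks.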
