I have a script that lets the user download files (stored in a blob field after doing a bin2hex() )
function hex2bin($h){ ... }
// code to get $filecontent,$filesize,$uploadname from database
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header("Content-Length: $filesize");
header('Content-Disposition: attachment; filename="'.$uploadname.'"');
echo hex2bin($filecontent);
everything is working fine, except the browser is taking 3 to 4 seconds after
downloading the file to finally terminate the http session.
Any clue whats causing that.
thanks.
Pari
Turns out there was an ob_start("ob_gzhandler")
in one of the include files. Removing it solved the issue.
thanks everyone.
Pari
Probably the "code to get $filecontent,$filesize,$uploadname from database" is the problem. Show it
Related
I checked similar posts and here's the problem: a portion of my codes :
if($_GET['dl']) {
$file=$_GET['dl'];
$file="../../rep/".$file;
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header("Content-disposition: attachment; filename=\"" . basename($file) . "\"");
readfile($file);
exit;}
This code runs when user submit form and redirects on current PHP file. The result opens in browser rather than download. I checked a lot of other headers or modifications with no clue.
So I made a separated PHP file : download.php and paste the above code exactly on it. then redirect user to this new file And Problem solved! (File downloads without any problem)
So my question is what's the problem exactly?
Thanks from comments, the reason founded!
I had started the PHP tag <?php from second line in the file like this:
...
php tag start here <?php
Perhaps first line considered as an output.removed first line and now download starts properly ;)
I have a class for writing CSV lines to a new file
fwrite($this->the_file_resource, implode($this->delimiter, $headers_array) . PHP_EOL);
When this runs on our application, every so often the data will write to the CSV file corrupted, I can run the same command immediately afterwards and it works completely as expected.
Expected:
Corrupt:
One thing I have noticed is that it's always the header and always in the first couple of columns.
What would the best method be to troubleshoot this? It's very difficult to replicate as it's not consistent.
Try setting the header correctly before generating your CSV. Your problem looks like an encoding problem
header("Content-Type: text/csv");
header("Content-Disposition: attachment; filename=file.csv");
header("Content-Transfer-Encoding: UTF-8");
I am using php ZipArchive to create an zip file on-the-fly and send it back to the user. I temporarily store the zipped file in a folder above document root and then send it back with the code
header('Content-type:application/zip');
header('Content-Disposition: inline; filename="'.("file.zip").'"');
header("Content-Transfer-Encoding: binary");
header("Content-Length:".filesize($file));
$fh = fopen($file,'rb');
fpassthru($fh);
after having first issued a
$zip->close()
to ensure that that the file isn't open. The issue I have run into is this - the stored zip file is a valid archive which I can open in Windows 7, 7Zip, WinZIP etc. However, when I send the file down with the code above it ends up with an 0xD 0xA pair at the start of the file which is enough to render it corrupt. I cannot figure out where those characters could be coming from. Is this a known bug with fopen/fpassthru? Any help would be much appreciated.
I found when removing the header("Content-Length:".filesize($file)); line it fixed my very same problem...
After many tries to download zip file, the solution was:
$result = create_zip($files_to_zip,$fileZip,true,$path_parts['dirname']);
ob_clean();
ob_end_flush(); // more important function - (without - error corrupted
zip)
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header('Content-Type: application/zip;\n');
header("Content-Transfer-Encoding: Binary");
header("Content-Disposition: attachment; filename=\"".basename($fileZip)."\"");
readfile($fileZip);
unlink($fileZip);
exit();
What does your full script look like?
Generally speaking you should remove any closing PHP tags at the end of your script files, as it's probably output coming from the end of your script, or an included script.
Thank you #_on !
You helped me with this information.
But instead of removing header ("Content-Length:". Filesize ($ file)) ;, I inserted a line break "\\n", leaving:
header ("Content-Length:". filesize ($ file). "\\n");
And the file generated its size to assist in the download
Okay then.
Tks
I have a problem with invalid signing certificates on files downloaded using Firefox. IE, Opera, Safari and Chrome are all fine. If the file is downloaded directly by clicking a link in FF it's also ok but if the file is downloaded using PHP for security it is 1 byte larger, having a x0A tacked on the end and I think this is causing it to fail the validation check. The PHP is very simple:
<?php
$file = "../downloads/".$_GET['link'];
$size = filesize($file);
$type = filetype($file);
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header( "Content-Disposition: attachment; filename=".basename($file));
header("Content-Length: ".$size);
header("Content-Type: ".$type);
readfile($file);
?>
Does anyone have any idea why Firefox alone should be having problems with getting the size right here? Grateful for any ideas.
Check if file exists and is placed in allowed location - now attacker is able to download nearly every file on your webserver
Don't use closing phptag - ?>, every whitespace after it will be send to the browser
Use exit; just after readfile to make sure no other function that produces output is called.
check on the Content-Type header, you set it twice so the latter one will be used, it could be something like "Content-Type: file" due to function filetype(), the browser can't understand "file" content type and take it as a text file. I guess that's the cause of the extra 0x0a.
Comment "header("Content-Type: ".$type);" and it will work fine.
replace below line
<?php
header("Content-Length: ".strlen($file));
?>
good luck :)
I'm currently building a script that will allow a user to download a file via a URL without actually seeing the filename or where the file is stored. So far I have everything built out, but I need to know how I would go about calling the file to open and download. I currently have a working version (code below), but for some reason the PHP is corrupting the download. Everytime I try to open a file that downloads to my desktop I get a corrupt error message. When I open the same file on the server itself, the file works just fine.
URL Structure:
http://www.example.com/download/file/cjVQv0ng0zr2
Code that initiates the download
$fullpath = BASE_PATH . '../uploads/brochures/' . $vendors['0']['filename'];
header("Content-type: application/pdf");
header('Content-disposition: attachment; filename="' . $fullpath . '"');
Am I doing something wrong that would cause the file to become corrupt? Am I missing a header or two?
Thanks in advance,
Jake
You need to call the following line after sending the header.
readfile($fullpath);
and also adjust in the header like this:
header('Content-disposition: attachment; filename="' . basename($fullpath) . '"');
One thing i am not sure about is the $fullpath .. try to see if the $fullpath you have is correct and you can actually reach the file, this needs to be the full physical path of the file.
I think it would also be a good idea to add the following header as well:
header("Content-Transfer-Encoding: binary");
I had a similar issue a while back. Make sure you don't have any extra whitespace in your script file, either before the "<?php" tag or after the "?>" tag. In my case the last character of my script was "\n" instead of the expected ">".
I had faced the same problem sometime back, following worked for me; put a
while( #ob_end_clean() );
just before header functions:
header("Content-Type: ". $row['p_mime']);
header("Content-Length: ". $row['p_size']);
header("Content-Disposition: inline; filename=".$row["p_name"]);
Content-disposition: attachment/inline has to be set according to cases (1. prompt for download / 2. open in browser)
NOTE: Take care that you are not echoing and value before the header function, and being over cautious will not do any harm, silent out all the function before header function which you think would fail or spawn a warning message prefixing "#" symbol to those lines of php code.
all the best :)
Make sure you exit...
(i'm using a blob)
header("Content-Type: " . $response['content_type'] );
header("Cache-Control: maxage=1");
header("Pragma: public"); //fixes ie bug
echo trim($_data);
exit();