Richard Lynch wrote:
On Wed, August 10, 2005 12:49 pm, Chris wrote:
if ($extension != 'txt')
{
header("Content-disposition: inline; filename=\"$file[type]\"");
}
else
{
// force txt files to prevent XSS
header("Content-disposition: attachment; filename=\"$file[type]\"");
}
The Content-disposition header is a made-up bull-crap thing that came
about with "html enhanced" (cough, cough) email.
If you want *EVERY* browser to download something, forget this header and
use:
header("Content-type: application/octet-stream");
The Content-disposition will, on *SOME* browsers, on *SOME* OSes appear to
be useful for getting the filename in the dialog prompt for "Save As..."
to be the filename you want.
Unfortunately, it does *NOT* work universally.
If you want a UNIVERSAL solution, make the URL look like it's a "static"
URL and have the filename you want to be used appear at the end of the
URL.
Converting dynamic to static-looking URLs is covered in many places.
Google for PHP $_SERVER PATHINFO
Under no circumstances should you be using headers like "audio/mpeg" if
you want me to download it -- I guarantee my browser will open that up in
an MP3 player. Many other users will also have been led through the
process to make that happen.
But if the browser doesn't download "application/octet-stream" it's a very
very very broken browser.
if i don't use Content-disposition IE downloads the file as "unknown"
(mp3, exe, or otherwise) with no extension and the names the file you
are downloading becomes the name of the script that was called. lol?
can never win with IE ..
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.5/67 - Release Date: 8/9/2005
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php