# ceo@xxxxxxxxx / 2006-12-15 22:55:54 -0600: > On Tue, December 12, 2006 11:04 am, Frank M. Kromann wrote: > > if you use: > > > > header("Content-Type: application/zip"); > > header("Content-Disposition: attachment; filename=\"somefile.zip\""); > > > > That works for me with IE 6/7 and other browsers. > > Argggggh. > > Please read this: > http://richardlynch.blogspot.com/ > > Go test with MORE browsers and MORE OSes, because you haven't yet hit > the ones where your Content-Disposition does not work, and they are > out there somewhere. As if it mattered that much. The filename's just a hint, the browser can be configured to ignore it even if it understands it, whatever. I would even say you're bound to hit a browser configured for some unintelligent reason to handle all app/o-s files with winamp. So what? You cannot count on anything the UA will/not do to the content. BTW, the "1995 johnny-come-lately Microsoft made-up Content-disposition header" has been proposed for MIME by Qualcomm (RFC1806, RFC2183). HTTP/1.1 (RFC2616) says: 15.5 Content-Disposition Issues: RFC 1806 [35], from which the often implemented Content-Disposition (see section 19.5.1) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See RFC 2183 [49] (which updates RFC 1806) for details. [...] 19.5.1 Content-Disposition The Content-Disposition response-header field has been proposed as a means for the origin server to suggest a default filename if the user requests that the content is saved to a file. This usage is derived from the definition of Content-Disposition in RFC 1806 [35]. content-disposition = "Content-Disposition" ":" disposition-type *( ";" disposition-parm ) disposition-type = "attachment" | disp-extension-token disposition-parm = filename-parm | disp-extension-parm filename-parm = "filename" "=" quoted-string disp-extension-token = token disp-extension-parm = token "=" ( token | quoted-string ) An example is Content-Disposition: attachment; filename="fname.ext" The receiving user agent SHOULD NOT respect any directory path information present in the filename-parm parameter, which is the only parameter believed to apply to HTTP implementations at this time. The filename SHOULD be treated as a terminal component only. If this header is used in a response with the application/octet- stream content-type, the implied suggestion is that the user agent should not display the response, but directly enter a `save response as...' dialog. See section 15.5 for Content-Disposition security issues. -- How many Vietnam vets does it take to screw in a light bulb? You don't know, man. You don't KNOW. Cause you weren't THERE. http://bash.org/?255991 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php