Comments on snippet: 'Download file'

finalwebsites said on 4/28/11

Thu, 28 Apr 2011 16:02:20 GMT

Nice snippet but you should replace the function "eregi()" from the PHP manual: This function has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.

zoranmk said on 10/27/10

Wed, 27 Oct 2010 21:40:41 GMT

Why, don't you check the CodeIgniter download helper it has logic if we are dealing with Internet Explorer or other browser and it's probably more tested than this code. The function name is force_download

smartlogo said on 8/19/08

Tue, 19 Aug 2008 10:25:30 GMT

lastly i fine it thanks

NotIan said on 7/16/08

Wed, 16 Jul 2008 12:57:06 GMT

Since ereg is being phased out for PHP6 you should use preg_match, and you should be checking it on a per path chunk basis, ie:

$targetArray = explode('/',$filename); foreach($targetArray as $key => $value){ if(preg_match('/^(..|.ht).*/',$value){ die('File Path Invalid'); } }

What if i have a file in: ficheros/images/picture.htc.jpg or ficheros/filename..doc?

Also if you are not subdirectorying you could just use basename($filename) and be done with it

NotIan said on 7/16/08

Wed, 16 Jul 2008 12:56:30 GMT

Since ereg is being phased out for PHP6 you should use preg_match, and you should be checking it on a per path chunk basis, ie:

$targetArray = explode('/',$filename); foreach($targetArray as $key => $value){ if(preg_match('/^(..|.ht).*/',$value){ die('File Path Invalid'); } }

What if i have a file in: ficheros/images/picture.htc.jpg or ficheros/filename..doc?

Also if you are not subdirectorying you could just use basename($filename) and be done with it

koncept said on 4/22/08

Tue, 22 Apr 2008 03:54:09 GMT

Hey there. Just noticed that the script is killed on line 10 if '..' is detected in the filename string. As such, line #11's overhead is redundant — the condition will not be met.