|
|
Posted by "Richard Lynch" on 08/10/05 23:23
On Wed, August 10, 2005 12:49 pm, Chris wrote:
>> if ($extension != 'txt')
>> {
>> header("Content-disposition: inline; filename=\"$file[type]\"");
>> }
>> else
>> {
>> // force txt files to prevent XSS
>> header("Content-disposition: attachment; filename=\"$file[type]\"");
>> }
The Content-disposition header is a made-up bull-crap thing that came
about with "html enhanced" (cough, cough) email.
If you want *EVERY* browser to download something, forget this header and
use:
header("Content-type: application/octet-stream");
The Content-disposition will, on *SOME* browsers, on *SOME* OSes appear to
be useful for getting the filename in the dialog prompt for "Save As..."
to be the filename you want.
Unfortunately, it does *NOT* work universally.
If you want a UNIVERSAL solution, make the URL look like it's a "static"
URL and have the filename you want to be used appear at the end of the
URL.
Converting dynamic to static-looking URLs is covered in many places.
Google for PHP $_SERVER PATHINFO
Under no circumstances should you be using headers like "audio/mpeg" if
you want me to download it -- I guarantee my browser will open that up in
an MP3 player. Many other users will also have been led through the
process to make that happen.
But if the browser doesn't download "application/octet-stream" it's a very
very very broken browser.
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|