sko

Reputation: 501

Download file by form PHP

I'm trying to download JSON data through a form with PHP. The file downloads, but it doesn't get the name I defined, and only two characters of my JSON data are printed in the file.

Inside, the file looks like:

[{

While the JSON data looks like:

[{"SIZE":[16,16]}]

Here is the code:

var dataAsText = JSON.stringify(data); 
var filename=$("#menu-save-text").val();
var _content = dataAsText;
jQuery('<form action="download.php" method="POST"><input type="hidden" name="filename" value="'+filename +'" /><input type="hidden" name="content" value="'+_content+'" /></form>').appendTo('body').submit().remove();

PHP:

<?
            $filename=$POST["filename"];
            header("Content-type: text/plain"); 
            header("Content-Disposition: attachment; filename=".$filename.""); 
            header("Pragma: public");
            header("Expires: 0");
            header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
            header("Cache-Control: private",false);

            echo $_POST["content"];        
    ?>

The downloaded file's name is download.php

Upvotes: 0

Views: 1515

Answers (1)

Marc B

Reputation: 360762

You're suffering from an HTML injection vulnerability. The " in the JSON is breaking your HTML:

E.g. the HTML you build looks like this:

[..snip..]<input type="hidden" name="content" value="[{"SIZE":[16,16]}]" />[..snip..]

Which will be parsed by the browser as:

input:
  value="[{"         // proper attribute
  size":[16,etc...  // unknown/illegal html attribute

In other words, you need to quote your JSON for usage in an HTML form attribute, e.g. change all the " to &quot;. That, or build the HTML using proper DOM methods, and set the content input's value via $(...).val(json_goes_here)-type operations with jQuery.

Upvotes: 1
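
The truncation described in the answer above, reproduced outside the browser as an added example (not code from the question or the answer). `escapeAttr`, `buildInput` and `readInputValue` are hypothetical helpers, and `readInputValue` is a simplified model of how a double-quoted attribute value is read, not a full HTML parser.

```javascript
// Added example; helper names are hypothetical, not from the original post.

// Escape a string for use inside a double-quoted HTML attribute value.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, '&amp;')   // must run first so later entities are not re-escaped
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Build the hidden input the way the question does (string concatenation),
// with or without escaping the value.
function buildInput(name, value, escape) {
  const v = escape ? escapeAttr(value) : value;
  return '<input type="hidden" name="' + name + '" value="' + v + '" />';
}

// Simplified model of attribute parsing: the value ends at the first double
// quote after value=", and character references are decoded afterwards.
function readInputValue(html, inputName) {
  const marker = 'name="' + inputName + '" value="';
  const start = html.indexOf(marker);
  if (start === -1) return null;
  const from = start + marker.length;
  const end = html.indexOf('"', from);
  if (end === -1) return null;
  return html.slice(from, end)
    .replace(/&quot;/g, '"')
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&');  // decoded last to avoid double decoding
}

// Sample data from the question.
const json = JSON.stringify([{ SIZE: [16, 16] }]);

// Unescaped: the first quote inside the JSON closes the attribute.
const broken = readInputValue(buildInput('content', json, false), 'content');
// Escaped: the whole JSON string survives and is what the form would POST.
const fixed = readInputValue(buildInput('content', json, true), 'content');

console.log('unescaped ->', broken); // [{
console.log('escaped   ->', fixed);
```

In the browser, building the input as a DOM element and assigning its value with `.val()`, as the answer suggests, avoids the manual escaping step entirely.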
