Reputation: 847
download files with spaces in their name - restriction through htaccess
I stumbled upon strange way to protect files.
Basicly there is empty download.php file in protected folder and two files that cause file to be downloaded (from the same folder): .htpwd where password is stored and .htaccess:
RewriteEngine On
##RewriteBase /
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
RewriteRule \.(.*)$ - [NC,F,L]
RewriteCond %{QUERY_STRING} ^filename=(.*)$
RewriteRule ^download\.php$ %1
RewriteRule (.*) - [E=file:$1]
Header set Content-type "octet-stream"
Header set Content-disposition "attachment; filename=%{file}e" env=file
##AuthName "Restricted Access"
##AuthType Basic
##AuthUserFile /local/home/example/example.com/downloads/.htpwd
##AuthGroupFile /dev/null
##require valid-user
Example of download link:
http://www.example.com/downloads/download.php?filename=dog%20cat%20cow.zip
If filename is dog-cat-cow.zip - all works. Problem starts when filename is: "dog cat cow.zip" then file will be downloaded but its file name after download will be "dog" instead of "dog cat cow.zip". So problem is people get file without even extension and have no idea what to do with it.
How this can be solved considering i simply cannot rename those files and remove spaces? I'm not expert on how to read .htaccess and no phrase that I could think of to search gives any similar problem resolution. Any ideas?
Upvotes: 7
Views: 934
Answers (1)
Reputation: 10341
As mentioned in comments, maybe try:
RewriteEngine On
##RewriteBase /
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
RewriteRule \.(.*)$ - [NC,F,L]
RewriteCond %{QUERY_STRING} ^filename=(.*)$
RewriteRule ^download\.php$ %1
RewriteRule (.*) - [E=file:$1]
Header set Content-type "octet-stream"
Header set Content-disposition "attachment; filename='%{file}'" env=file
##AuthName "Restricted Access"
##AuthType Basic
##AuthUserFile /local/home/example/example.com/downloads/.htpwd
##AuthGroupFile /dev/null
##require valid-user
Alternately, why not set the Content Type and Disposition within your download.php file itself?
$fileStorageDirectory = '/the/folder/the/downloadable/files/are/in/';
// Check for Parameter
if( !isset( $_GET['filename'] ) || $_GET['filename']=='' ){
header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found', true, 404);
die('No File Specified');
}
$fileName = trim( $_GET['filename'] );
$fileRequested = $fileStorageDirectory.$fileName;
// Check File Exists
if( !file_exists( $fileRequested ) ){
header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found', true, 404);
die('File Not Found');
}
// Check File is Readable
if( !is_readable( $fileRequested ) ){
header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found', true, 404);
die('File Not Accessible');
}
// Send the File
header( 'Content-Type: application/octet-stream' );
header( 'Content-Disposition: attachment; filename="'.fileName.'"' );
readfile( $fileRequested );
exit;
Upvotes: 1
Related Questions
- php - file_get_contents - Downloading files with spaces in the filename not working
- Linux not allowing to download filename with spaces
- PHP Force Download File Name with Spaces
- Protecting folder using .htpasswd, but allowing php download while protecting password
- Downloading a file cause error when it contains spaces - PHP
- How can I change this line so i will download files with spaces in the name
- HTACCESS - use spaces in URL
- Apache download files with specific extension
- HTTP File download with spaces
- downloading a file from a web directory