Header to download file that contains semicolon in its filename

Question

I already have a PHP code in order to force user download a file, the code has worked well

the problem is, when user want to download a file that contains semicolon in its filename

for example the code will be success if the file name XYZ.zip

but it won't be success if the file name aaaX;Y.zip (read as aaax [semicolon] Y [dot] zip) when user download, the filename become aaaX

it's cut in first semicolon

<?php

$a=basename($_GET['fn']);
$sizepath =filesize(base64_decode($_GET['path']));

header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename=".$a); 
header('Cache-control: private, must-revalidate');
header('Content-Transfer-Encoding: binary');
// load the file to send:

readfile(base64_decode($_GET['path']));
?>

Answer 1

Always be careful when giving the user control over a variable that ends up in file_get_contents(). This could result in the Path traversal vulnerability.

Answer 2

Use urlencode(), like this:

header("Content-Disposition: attachment; filename*=us-ascii'en-us'".urlencode($a));

See RFC 2231 for more information.

Answer 3

Try this one

header("Content-Disposition: attachment; filename=\"" . $a . "\"" );