下载名称中带有空格的文件 - 通过 htaccess 进行限制
download files with spaces in their name - restriction through htaccess
我偶然发现了一种保护文件的奇怪方法。
基本上受保护文件夹中有空 download.php 文件和导致文件下载的两个文件(来自同一文件夹):
存储密码的 .htpwd 和 .htaccess:
RewriteEngine On
##RewriteBase /
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
RewriteRule \.(.*)$ - [NC,F,L]
RewriteCond %{QUERY_STRING} ^filename=(.*)$
RewriteRule ^download\.php$ %1
RewriteRule (.*) - [E=file:]
Header set Content-type "octet-stream"
Header set Content-disposition "attachment; filename=%{file}e" env=file
##AuthName "Restricted Access"
##AuthType Basic
##AuthUserFile /local/home/example/example.com/downloads/.htpwd
##AuthGroupFile /dev/null
##require valid-user
下载示例link:
http://www.example.com/downloads/download.php?filename=dog%20cat%20cow.zip
如果文件名是 dog-cat-cow.zip - 一切正常。当文件名是:
"dog cat cow.zip" 然后文件将被下载,但下载后的文件名将是 "dog" 而不是 "dog cat cow.zip"。所以问题是人们得到的文件甚至没有扩展名并且不知道如何处理它。
考虑到我根本无法重命名这些文件并删除空格,如何解决这个问题?我不是如何阅读 .htaccess 的专家,而且我能想到的搜索短语都没有提供任何类似的问题解决方案。
有什么想法吗?
如评论中所述,也许可以尝试:
RewriteEngine On
##RewriteBase /
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
RewriteRule \.(.*)$ - [NC,F,L]
RewriteCond %{QUERY_STRING} ^filename=(.*)$
RewriteRule ^download\.php$ %1
RewriteRule (.*) - [E=file:]
Header set Content-type "octet-stream"
Header set Content-disposition "attachment; filename='%{file}'" env=file
##AuthName "Restricted Access"
##AuthType Basic
##AuthUserFile /local/home/example/example.com/downloads/.htpwd
##AuthGroupFile /dev/null
##require valid-user
或者,为什么不在 download.php 文件本身中设置内容类型和配置?
$fileStorageDirectory = '/the/folder/the/downloadable/files/are/in/';
// Check for Parameter
if( !isset( $_GET['filename'] ) || $_GET['filename']=='' ){
header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found', true, 404);
die('No File Specified');
}
$fileName = trim( $_GET['filename'] );
$fileRequested = $fileStorageDirectory.$fileName;
// Check File Exists
if( !file_exists( $fileRequested ) ){
header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found', true, 404);
die('File Not Found');
}
// Check File is Readable
if( !is_readable( $fileRequested ) ){
header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found', true, 404);
die('File Not Accessible');
}
// Send the File
header( 'Content-Type: application/octet-stream' );
header( 'Content-Disposition: attachment; filename="'.fileName.'"' );
readfile( $fileRequested );
exit;
我偶然发现了一种保护文件的奇怪方法。
基本上受保护文件夹中有空 download.php 文件和导致文件下载的两个文件(来自同一文件夹): 存储密码的 .htpwd 和 .htaccess:
RewriteEngine On
##RewriteBase /
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
RewriteRule \.(.*)$ - [NC,F,L]
RewriteCond %{QUERY_STRING} ^filename=(.*)$
RewriteRule ^download\.php$ %1
RewriteRule (.*) - [E=file:]
Header set Content-type "octet-stream"
Header set Content-disposition "attachment; filename=%{file}e" env=file
##AuthName "Restricted Access"
##AuthType Basic
##AuthUserFile /local/home/example/example.com/downloads/.htpwd
##AuthGroupFile /dev/null
##require valid-user
下载示例link:
http://www.example.com/downloads/download.php?filename=dog%20cat%20cow.zip
如果文件名是 dog-cat-cow.zip - 一切正常。当文件名是: "dog cat cow.zip" 然后文件将被下载,但下载后的文件名将是 "dog" 而不是 "dog cat cow.zip"。所以问题是人们得到的文件甚至没有扩展名并且不知道如何处理它。
考虑到我根本无法重命名这些文件并删除空格,如何解决这个问题?我不是如何阅读 .htaccess 的专家,而且我能想到的搜索短语都没有提供任何类似的问题解决方案。 有什么想法吗?
如评论中所述,也许可以尝试:
RewriteEngine On
##RewriteBase /
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
RewriteRule \.(.*)$ - [NC,F,L]
RewriteCond %{QUERY_STRING} ^filename=(.*)$
RewriteRule ^download\.php$ %1
RewriteRule (.*) - [E=file:]
Header set Content-type "octet-stream"
Header set Content-disposition "attachment; filename='%{file}'" env=file
##AuthName "Restricted Access"
##AuthType Basic
##AuthUserFile /local/home/example/example.com/downloads/.htpwd
##AuthGroupFile /dev/null
##require valid-user
或者,为什么不在 download.php 文件本身中设置内容类型和配置?
$fileStorageDirectory = '/the/folder/the/downloadable/files/are/in/';
// Check for Parameter
if( !isset( $_GET['filename'] ) || $_GET['filename']=='' ){
header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found', true, 404);
die('No File Specified');
}
$fileName = trim( $_GET['filename'] );
$fileRequested = $fileStorageDirectory.$fileName;
// Check File Exists
if( !file_exists( $fileRequested ) ){
header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found', true, 404);
die('File Not Found');
}
// Check File is Readable
if( !is_readable( $fileRequested ) ){
header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found', true, 404);
die('File Not Accessible');
}
// Send the File
header( 'Content-Type: application/octet-stream' );
header( 'Content-Disposition: attachment; filename="'.fileName.'"' );
readfile( $fileRequested );
exit;