What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » Scripting » Pack the script

Pages: (3): « First « 1 2 [ 3 ] Last »
Pack the script
Author: Message:
SnuZZer
Full Member
***

Avatar

Posts: 114
32 / Male / Flag
Joined: Jun 2006
O.P. RE: Pack the script
Hi.
Ofcurse PHP!!
Thanks!!

I changed the script a bit:
code:
<?
$script = $_GET[script];
$tjek = $script.".plsc";

if (file_exists($tjek)) {

header("Content-Type: application/x-plsc");
header('Content-Disposition: attachment; filename="' . $script . '.plsc"');
readfile("$script.plsc");

} else {
echo "$tjek blev ikke fundet på serveren.";
}
?>
08-20-2006 01:56 PM
Profile E-Mail PM Web Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
RE: Pack the script
Hmm, this sounds interesting....

Because I has a few reports from people who had WinZip and such popping up when downloading from the scripts DB too.

So that code is confirmed to work?:
code:
header("Content-Type: application/x-plsc");
header('Content-Disposition: attachment; filename="' . $filename . "');
readfile("$filename");
Finish the problem
Menthix.net | Contact Me
08-20-2006 02:06 PM
Profile E-Mail PM Web Find Quote Report
Ezra
Veteran Member
*****

Avatar
Forgiveness is between them and God

Posts: 1960
Reputation: 31
37 / Male / Flag
Joined: Mar 2003
RE: Pack the script
quote:
Originally posted by MenthiX
Hmm, this sounds interesting....

Because I has a few reports from people who had WinZip and such popping up when downloading from the scripts DB too.

So that code is confirmed to work?:
code:
header("Content-Type: application/x-plsc");
header('Content-Disposition: attachment; filename="' . $filename . "');
readfile("$filename");


I think it's just the header "Content-Type: application/x-plsc" that does it.
[Image: 1-0.png]
             
08-20-2006 02:15 PM
Profile PM Web Find Quote Report
mickael9
Full Member
***


Posts: 117
Reputation: 3
33 / Male / Flag
Joined: Jul 2005
RE: RE: Pack the script
quote:
Originally posted by SnuZZer
Hi.
Ofcurse PHP!!
Thanks!!

I changed the script a bit:
code:
<?
$script = $_GET[script];
$tjek = $script.".plsc";

if (file_exists($tjek)) {

header("Content-Type: application/x-plsc");
header('Content-Disposition: attachment; filename="' . $script . '.plsc"');
readfile("$script.plsc");

} else {
echo "$tjek blev ikke fundet på serveren.";
}
?>

Bad idea !
code:
<?
$script = $_GET[script]; // no! php search for the 'script' constant
$tjek = $script.".plsc"; // "$script.plsc" is more simple ...

if (file_exists($tjek)) { // and if I insert ../[...] , /home/[...],  C:\[...], http://[...], ftp://[...] ; file_exists will accept a folder too

header("Content-Type: application/x-plsc");
header('Content-Disposition: attachment; filename="' . $script . '.plsc"');
readfile("$script.plsc");

} else {
echo "$tjek blev ikke fundet på serveren."; // XSS vulnerability, $tjek = <script>alert("Cookies: " + document.cookie);</script>
}
?>

@Ezra : yes, but if you don't put the Content-Disposition header, you will get a download.php file :p

Edit : a more clean code :
code:
<?php

$script = (get_magic_quotes_gpc() ? stripslashes($_GET['script']) : $_GET['script']);
$scriptfn= "$script.plsc";

$error = 0;

if (empty($script))
    $error = 1;

else if (preg_match('#[/\\\\."]#', $script))
    $error = 2;

else if (!is_file($scriptfn))
   $error = 3;

if ($error === 0)
{
    header("Content-Type: application/x-plsc");
    header('Content-Disposition: attachment; filename="' . $scriptfn . '"');

    readfile($scriptfn);
}
else
{
    $scriptfn = htmlentities($scriptfn);
   
    switch ($error)
    {
        case 1:
            echo "File is empty !";
            break;
        case 2:
            echo "Illegal characters in file : $scriptfn";
            break;
        case 3:
            echo "File not found : $scriptfn";
            break;
    }
}

?>


Just change the error messages ...

This post was edited on 08-20-2006 at 03:39 PM by mickael9.
08-20-2006 03:10 PM
Profile PM Web Find Quote Report
Ezra
Veteran Member
*****

Avatar
Forgiveness is between them and God

Posts: 1960
Reputation: 31
37 / Male / Flag
Joined: Mar 2003
RE: Pack the script
quote:
Originally posted by mickael9

@Ezra : yes, but if you don't put the Content-Disposition header, you will get a download.php file

Yeah I know that, but as the download system from the database already works correctly, only that IE users sometimes download a .zip file, I meant that Menthix could probably fix that by only adding that to the headers :-)

This post was edited on 08-20-2006 at 03:24 PM by Ezra.
[Image: 1-0.png]
             
08-20-2006 03:23 PM
Profile PM Web Find Quote Report
Pages: (3): « First « 1 2 [ 3 ] Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On