Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m doing a security check with PHP before loading a file, the file could be a jpg, pdf doc or similar.
Is there any library which would automate the different headers etc I need to do to output the file, without me having to check the file extension?
For pdfs and docs especially, since the user may download, It’s not ideal to have the url being view_file.php?blah=blah. I guess the only alternative is to force a download and specify the filename?
PHP has pathinfo to get a file paths extension, or Fileinfo to get the mime-type.
As for obsecuring the URL, you could create a database with references to the file names, that way your url could look like
view_file.php?file_id=123, noone will know its actuallyimportant.doc.