[ukyankee]

Hi, I'm hoping someone will be able point me in the right direction here, I have a friend with a site that operates downloads by cgi, but there is a small problem, while the script is getting the file to download, the browser is asking to save the file as the script name instead of the actual file name. I understand perl so far as I can "read" it and know what it's doing, and make minor alterations to customize it, but not where I could actually write anything useful. Someday. But if someone could give me a tip on what the problem might be, because I think it might be something obvious to someone else, it would really make my day!

Thanks in advance.

[ukyankee]

sorry, it seems I've posted this to the wrong board.

[e4c5]

Hello if it is perl that you are using you have posted at the right place.

please make sure you send out the following headers.
Content-Type: $mime_type
Content-Disposition: inline; filename="$filename"

that should do the trick

[ukyankee]

Thanks, I'd thought maybe it should have gone into the server side scripting board instead.

Thanks for your reply, I was glad to get confirmation that it is a scripting issue. I conferred briefly with the writer of this and apparently he's had problems getting it to save as the correct file and left it this way, so it has never been working properly, which I find a little shocking as this was paid for. I had downloaded a few download scripts and tried variations of the above code with no luck.

I'd like to take a few stabs and getting it to work as is before we change how the file downloads are handled if possible. The bit of code that is handling this:

Code:

# Get the file to be displayed!

$dd = $form{"dets"} || $firstname;
$fd = $form{"file"} || "$dd.html";
open (FH,"../../cvs/$dd/$fd");
read (FH,$response,10000000);

# See if this is a "download" request ...

if (! $form{"file"}) {
	$response =~ s/(<body.*?>)/$1$loader/i;
	sendpage($response);
} else {
	# print "content-location: $fd\n";
	print "content-type: application/octet-stream name=$fd\n\n";
	print $response;
}

This script does checking against a file created by Credit Card validation and expires the ability to download after x days, so I can't make a lot of changes else where in the code.

I'm sure I'll be able to find an alternative route to solve this as well if this is a dead end. Thanks so much for taking the time.

[e4c5]

Hi,
glad to be of help.
first replace the line in your code with

Code:

print "content-type: application/octet-stream\n";
print "Content-Disposition: inline; filename=\"$filename\"\n\n";

Please note - the order is important
you have to replace the $filename with whatever your filename is or your variable that represents the file name

the second point is that you are reading in chunks of 10MB each. this is way too much. try a lot smaller value would be kinder on your server.

all the best



[code]
print "Content-Disposition: inline; filename=\"$filename\"

[/code[

[ukyankee]

Thank you so much! Your suggestion did the trick.

I'll experiment with the file reading issue, thank you for pointing it out.

[rob2132]

Quote:

$dd = $form{"dets"} || $firstname;
$fd = $form{"file"} || "$dd.html";
open (FH,"../../cvs/$dd/$fd");
read (FH,$response,10000000);

The $fd variable doesn't seem to have any checking, nor does $dd. Be careful about that--you might want to put in safe file types for it to serve up, so people don't use this script to download files off the server you don't want them to (especially config files with passwords, etc.). Also, check for any instance of /\.\.\/ on the file name field, so people can't traverse the directories and download any tile that your script has permission to read.