我在as3 flash和php中编程一个按钮,你可以在这里下载一个.zip文件。 这从php(代理)获取路径,但它无法识别文件类型,也无法运行COMPLETE事件。这样做的想法是隐藏zip文件所在的位置。 我不明白问题出在哪里。 as3代码:
package {
imports...
public class Main extends MovieClip{
var download_button:MovieClip;
var req:URLRequest;
var file:FileReference;
var proxy:String = "http://www.domain.com/audio/proxy.php?url=";
var filename:String = "file.zip";
var status:TextField = new TextField();
public function Main() {
download_btn.addEventListener(MouseEvent.CLICK, promptDownload);
status.text = "Bienvenido";
addChild(status);
}
private function promptDownload(e:MouseEvent):void {
req = new URLRequest(proxy + filename);
file = new FileReference();
file.addEventListener(Event.COMPLETE, completeHandler);
file.addEventListener(Event.CANCEL, cancelHandler);
file.addEventListener(IOErrorEvent.IO_ERROR, ioErrorHandler);
file.download(req, "file.zip");
}
private function cancelHandler(event:Event):void {
trace("User canceled the download");
status.text = "Cancelado";
}
private function completeHandler(event:Event):void {
trace("Download complete");
status.text = "Completado";
}
private function ioErrorHandler(event:IOErrorEvent):void {
trace("ioError occurred");
status.text = "Error";
}
}
}
和php代码:
$filename = "http://www.domain.com/audio/files" . $_GET['url'];
$archivo = "file.zip";
$len = filesize($filename);
$outname = $archivo;
header("Content-type: application/zip");
// Optional but the error is the same
//header("Expires: -1");
//header("Last-Modified: " . gmdate('D, d M Y H:i:s') . " GMT");
//header("Content-Transfer-Encoding: binary");
//header("Cache-Control: no-store, no-cache, must-revalidate");
//header("Cache-Control: post-check=0, pre-check=0");
//header("Pragma: no-cache");
//header("Content-Length:".$len);
//header("Content-Disposition: attachment; filename=".$outname);
readfile($filename);
非常感谢
答案 0 :(得分:1)
动作脚本完全在我的localhost上运行,我下载了zip文件。您应该检查PHP,您不需要使用http url来读取同一服务器上的文件。
$filename = "http://www.domain.com/audio/files" . $_GET['url'];
这一行确实是一个安全漏洞,黑客可以获取你的所有文件,你需要转义这个变量并检查文件名是否合法。