我正在使用PHP强制下载脚本,如下所示: -
$file_Name = $_GET['name'];
$file_Url = $_GET['file'];
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=$file_Name");
header("Content-Type: application/octet-stream");
header("Content-Transfer-Encoding: binary");
readfile($file_Url);
exit;
如果我的链接的网址如下: - /image.php?name=Germany.png&file=https%3A%2F%2Fmaps.google.com%2Fmaps%2Fapi %2Fstaticmap%3Fcenter%3D 德国%26zoom%3D15%26size%3D240x320%26maptype%3Droadmap%26mobile%3Dtrue%26sensor%3Dfalse ,所以它没有任何问题!
如果我在网址中包含空格(%20)并尝试访问它,则浏览器会向我显示"下载失败"!
示例网址: - /image.php?name=Image.png&file=https%3A%2F%2Fmaps.google.com%2Fmaps%2Fapi%2Fstaticmap%3Fcenter%三维的河%20Annan %26zoom%3D15%26size%3D240x320%26maptype%3Droadmap%26mobile%3Dtrue%26sensor%3Dfalse
那么,为什么会这样呢?它出了什么问题?
答案 0 :(得分:1)
用-替换空格,然后尝试阅读网址
$file_Name = $_GET['name'];
$file_Url = $_GET['file'];
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=$file_Name");
header("Content-Type: application/octet-stream");
header("Content-Transfer-Encoding: binary");
echo readfile(str_replace(" ","-",$file_Url));
exit;
答案 1 :(得分:1)
这种情况发生了,因为相应的php文档,"超级全局$ _GET和$ _REQUEST已经被解码。",所以%20被空格取代。 以下代码应该有效:
readfile(urlencode($file_Url));
+1代码一般不安全