我在wordpress网站上运行已修补的下载脚本。文件下载,没有扩展名,甚至当我手动更改扩展名时,文件似乎已损坏。我一直在测试pdf文件而没有运气。它似乎工作正常之前我得到的是损坏的文件。代码如下:
$resource = $wpdb->get_row("SELECT * FROM ". TABLE_RESOURCES . " WHERE ID = $resource_id",ARRAY_A);
$file_path = $resource['url'];
error_log($file_path);//https://xxxxxxx.wpengine.com/wp-content/uploads/2014/09/Notes_Rainy-Day-Games.pdf
$fname = $resource['name'];
error_log($fname);//Rainy Day Games Handout
$allowed_ext = array (
// archives
'zip' => 'application/zip',
// documents
'pdf' => 'application/pdf',
'csv' => 'text/csv',
'doc' => 'application/msword',
'docx' => 'application/msword',
'xls' => 'application/vnd.ms-excel',
'xlsx' => 'application/vnd.ms-excel',
'ppt' => 'application/vnd.ms-powerpoint',
'pptx' => 'application/vnd.openxmlformats- officedocument.presentationml.presentation',
'txt' => 'application/txt',
'rtf' => 'application/txt',
// executables
//'exe' => 'application/octet-stream',
// images
'gif' => 'image/gif',
'png' => 'image/png',
'jpg' => 'image/jpeg',
'jpeg' => 'image/jpeg',
'bmp' => 'image/bmp'
);
// Make sure program execution doesn't time out
set_time_limit(0);
// file size in bytes
$head = array_change_key_case(get_headers($file_path, TRUE));
$fsize = $head['content-length'];
$fext = strtolower(substr(strrchr($file_path,"."),1));
// check if allowed extension
if (!array_key_exists($fext, $allowed_ext))
{
die("Not allowed file type.");
}
// get mime type
if ($allowed_ext[$fext] == '')
{
$mtype = '';
// mime type is not set, get from server settings
if (function_exists('mime_content_type'))
{
$mtype = mime_content_type($file_path);
}
else if (function_exists('finfo_file'))
{
$finfo = finfo_open(FILEINFO_MIME); // return mime type
$mtype = finfo_file($finfo, $file_path);
finfo_close($finfo);
}
if ($mtype == '')
{
$mtype = "application/force-download";
}
}
else
{
// get mime type defined by admin
$mtype = $allowed_ext[$fext];
}
error_log($mtype); // application/pdf
// Browser will try to save file with this filename, regardless original filename.
// You can override it if needed.
if (!isset($_GET['fc']) || empty($_GET['fc']))
{
$asfname = $fname;
}
else
{
// remove some bad chars
$asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']);
if ($asfname === '') $asfname = 'untitled';
}
error_log($asfname);//Rainy Day Games Handout
// set headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
header("Content-Disposition: attachment; filename=\"$asfname\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);
readfile("$file_path");