使用瑞典字符 (åäö) 文件名强制下载

Question

使用瑞典字符 (åäö) 文件名强制下载

Jon*_*der 5 php special-characters force-download

我使用以下代码和函数来强制下载文件，如果文件名不包含瑞典语字符，则效果很好\xc3\x85 \xc3\x84 \xc3\x96.

\n\n

$file_id = $_GET[\'f\'];\n\n$sql =  " SELECT * ".\n            " FROM attachment ".\n            " WHERE attachment_id = ".$file_id." ".\n\n            $res = mysql_query($sql);\n            $row = mysql_fetch_array($res);\n            $filename = $row[\'filename\'];\n            $USER_ID = $row[\'user_id\'];\n            $Directory_id = $row[\'directory_id\'];\n            $target_path = "upload/".$USER_ID."/".$Directory_id."/";\n\n\nfunction Download($path, $speed = null)\n{\n    if (is_file($path) === true)\n    {\n        $file = @fopen($path, \'rb\');\n        $speed = (isset($speed) === true) ? round($speed * 1024) : 524288;\n\n        if (is_resource($file) === true)\n        {\n            set_time_limit(0);\n            ignore_user_abort(false);\n\n            while (ob_get_level() > 0)\n            {\n                ob_end_clean();\n            }\n\n            header(\'Expires: 0\');\n            header(\'Pragma: public\');\n            header(\'Cache-Control: must-revalidate, post-check=0, pre-check=0\');\n            header(\'Content-Type: application/octet-stream\');\n            header(\'Content-Length: \' . sprintf(\'%u\', filesize($path)));\n            header(\'Content-Disposition: attachment; filename="\' . basename($path) . \'"\');\n            header(\'Content-Transfer-Encoding: binary\');\n\n            while (feof($file) !== true)\n            {\n                echo fread($file, $speed);\n\n                while (ob_get_level() > 0)\n                {\n                    ob_end_flush();\n                }\n\n                flush();\n                sleep(1);\n            }\n\n            fclose($file);\n        }\n\n        exit();\n    }\n\n    return false;\n\n    }\nDownload($target_path.$filename);\n

Run Code Online (Sandbox Code Playgroud)\n\n

我尝试将其放在页面顶部：

\n\n

<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>\n

Run Code Online (Sandbox Code Playgroud)\n\n

和：

\n\n

$filename = urlencode($filename); \n

Run Code Online (Sandbox Code Playgroud)\n\n

或者：

\n\n

$filename =  htmlentities($filename, ENT_QUOTES, "UTF-8");\n

Run Code Online (Sandbox Code Playgroud)\n\n

但还是同样的问题，打不开。但如果文件名包含正常的英文字符，那么它就可以正常工作。

\n\n

您对我可以在该功能中添加或实现什么有什么建议吗？您能提供的任何帮助将不胜感激。

\n

Answer 1

bes*_*rld 0

确保 html 文档中有 utf8 编码（<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>)

尝试更换

$filename = $row['filename'];

Run Code Online (Sandbox Code Playgroud)

和

$filename = iconv("UTF-8", "ISO-8859-1//TRANSLIT", $row['filename']);

Run Code Online (Sandbox Code Playgroud)

所以你的代码看起来像：

$file_id = $_GET['f'];

$sql =  " SELECT * ".
            " FROM attachment ".
            " WHERE attachment_id = ".$file_id." ".

            $res = mysql_query($sql);
            $row = mysql_fetch_array($res);
            $filename = iconv("UTF-8", "ISO-8859-1//TRANSLIT", $row['filename']);   
            $USER_ID = $row['user_id'];
            $Directory_id = $row['directory_id'];
            $target_path = "upload/".$USER_ID."/".$Directory_id."/";

Run Code Online (Sandbox Code Playgroud)

但后来为了它。不要使用 mysql() 函数。使用 mysqli 或 PDO 代替占位符。您的代码广泛用于 sql 注入攻击。

归档时间：	11 年，7 月前
查看次数：	1955 次
最近记录：	11 年，7 月前