RFC 2231, Read it!

Many web apps use code similar to this:

header('Content-Disposition: attachment;filename='.$name);

Forgetting about header splitting here…

What is wrong? If the name has a space in it, it violates RFC 2231.

Why? RFC 2231 allows for the use of extended characters within the filename, for example international characters.
Internet Explorer does not support internationalisation, and thus will read till the end of the line. (:: rolls eyes ::)

A fixed example:

rmnl() removes occurrences of \r and \n.

header('Content-Disposition: attachment;filename="'.str_replace('"', '-', rmnl($name)).'.m3u"');

You could also use addslashes() on $name, but be aware that some file systems won't allow quotes (e.g. NTFS); Firefox in that case automatically converts the " into a -.

Regards,

Steven Roddis
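
The fix above as a runnable script, added here as an example and not code from the original post. rmnl() is written as the post describes it; content_disposition() is a hypothetical helper name, and the filename* parameter (RFC 2231's charset'language'value form) goes beyond the post's fix and assumes $name is UTF-8.

```php
<?php
// Added example, not from the original post.

// rmnl() as the post describes it: remove CR and LF so the value
// cannot break out onto a new header line.
function rmnl(string $s): string
{
    return str_replace(["\r", "\n"], '', $s);
}

// Hypothetical helper: returns the complete header line for a download.
// Assumes $name is UTF-8.
function content_disposition(string $name, string $ext = '.m3u'): string
{
    $clean = rmnl($name) . $ext;

    // Quoted fallback: '"' would close the quoted-string early and '\'
    // is its escape character, so both become '-'. Bytes outside
    // printable ASCII become '_' so the quoted value stays plain ASCII.
    $ascii = str_replace(['"', '\\'], '-', $clean);
    $ascii = preg_replace('/[^\x20-\x7E]/', '_', $ascii);
    $header = 'Content-Disposition: attachment; filename="' . $ascii . '"';

    // RFC 2231 extended parameter: charset'language'percent-encoded value.
    // Only added when the name has characters the fallback could not carry.
    if ($ascii !== $clean) {
        $header .= "; filename*=UTF-8''" . rawurlencode($clean);
    }
    return $header;
}

// Constructed sample names: a space, an embedded quote, a CRLF
// sequence, and non-ASCII characters.
$samples = [
    'my playlist',
    'live "bootleg" set',
    "mix\r\nX-Injected: 1",
    'Übermix €5',
];

foreach ($samples as $name) {
    // A real response would pass this string to header().
    echo content_disposition($name), "\n";
}
```

Run from the command line, each sample prints as a single header line: the CRLF sample stays on one line and the quoted value never contains a stray ".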
