Hi William,
I think that's what I'm looking for. One question. What do you mean "whitelist" the filepaths". My only reference point is email. "Whitelist" for me means that email address on my "whitelist" always get through, even though the spam software might initially think it's spam. Can you clarify?
Thanks,
Mark
On Aug 23, 2004, at 3:17 AM, william ross wrote:
On Sat, 21 Aug 2004, Mark Wheeler wrote:
I have a picture gallery I building for my family. When a movie or picture is displayed, I want them to be able to save it. But... if I just provide a link in the coding to the actual file, it will open up in the browser window and be displayed. Is there a way to have download, either automatically or by a "Save As..." dialog box, the file rather then displaying it? I hope that was clear. :)
This is untested, but I'm guessing that you could write a simple CGI script that takes the URL for an image as an argument -- maybe just using $ENV{'HTTP_QUERY_STRING'} so that the url can be simple like --
http://site/images/fetch.pl?path/to/image/file.jpg
-- and then have your script find "path/to/image/file.jpg" and spool it back to the client with a Content-type of "application/octet-stream" instead of "image/jpeg".\
No need. On apache, at least, you can change the mime-type in an .htaccess file. Assuming the AllowOverride settings permit it, which they normally would:
AddType application/octet-stream jpg
should do it. This will mean that jpegs in that directory can't ever be used on pages, but as long as your thumbnails are stored in another directory I expect that's ok.
if you prefer the control offered by the scripted approach, you will also need to think about file names, or it is likely that any downloaded image will arrive with the title of your script, display the wrong kind of icon and cause great confusion (especially if the intended audience struggles to right-click). The official but not always reliable way to deal with this is to send a Content-Disposition header as well as the Content-Type. Something like:
binmode STDOUT;
print "Content-Disposition: attachment;filename=$filename\n";
print "Content-Type: application/octet-stream\n\n";
print while <FILE>;is supposed to throw up a save dialog with $filename filled in. I think all modern browsers will work with this, but in the old days it was patchily supported. The older sneakier way is to use path-info rather than query string to pass in the file path. That gives a url like /download.pl/photos/unclebob.jpg, which the browser will usually do the right thing with.
And you will of course whitelist the file paths you are allowing people to download... :)
best
will
This can probably be done with about half a dozen lines of code, and if the browser is well behaved -- that'll be the part that's a pain to verify -- the alternate content type should force the right behavior.
Let me know if you find this description unclear...
-- Chris Devers [EMAIL PROTECTED] http://devers.homeip.net:8080/blog/
np: 'Ham 'n' Eggs' by A Tribe Called Quest from 'People's Instinctive Travels And Paths Of Rhythm'
