From: tgal at rdslink dot ro
Operating system: WindowsXP
PHP version: 4.4.2
PHP Bug Type: HTTP related
Bug description: fileopen through header
Description:
------------
Under php-4.3.10 this method works just fine. But with php-4.4.1 and
php-4.4.2 the application crashes(mostly MS Word, because I try to open
rtf documents and this is the default application).
The script uses header function to get the document from server.
Reproduce code:
---------------
to get the file:
<a href="fileopen.php?folder=subfolder&filename=file.rtf">file.rtf</a>
fileopen.php:
<?
if(!isset($_GET["folder"])) $_GET["folder"]=NULL;
if(!isset($_GET["subfolder"])) $_GET["subfolder"]=NULL;
if(!isset($_GET["id"])) $_GET["id"]=NULL;
if(!isset($_GET["filename"])) $_GET["filename"]=NULL;
if($_GET["folder"]=="somatie")
{
$name="../".$_GET["folder"]."/".$_GET["filename"];
}
else
{
if($_GET["subfolder"]!=NULL)
$name="../".$_GET["folder"]."/".$_GET["subfolder"]."/".$_GET["id"].str_replace("*","&",$_GET["filename"]);
else
$name="../".$_GET["folder"]."/".$_GET["id"].str_replace("*","&",$_GET["filename"]);
}
$file_extension=strtolower(substr(strrchr($_GET["filename"],"."),1));
switch($file_extension)
{
case "pdf": $ctype="application/pdf"; break;
case "exe": $ctype="application/octet-stream"; break;
case "zip": $ctype="application/zip"; break;
case "doc": $ctype="application/msword"; break;
case "csv":
case "xls": $ctype="application/vnd.ms-excel"; break;
case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
case "gif": $ctype="image/gif"; break;
case "png": $ctype="image/png"; break;
case "jpeg":
case "jpg": $ctype="image/jpg"; break;
case "mp3": $ctype="audio/mpeg"; break;
case "wav": $ctype="audio/x-wav"; break;
case "mpeg":
case "mpg":
case "mpe": $ctype="video/mpeg"; break;
case "mov": $ctype="video/quicktime"; break;
case "avi": $ctype="video/x-msvideo"; break;
//The following are for extensions that shouldn't be downloaded
(sensitive stuff, like php files)
case "php":
case "htm":
case "html":
case "txt": die("<b>Cannot be used for ". $file_extension ."
files!</b>"); break;
default: $ctype="application/force-download";
}
// send the right headers
header("Pragma: no-cache");
header("Expires: 0");
header("Cache-Control: no-store, no-cache, must-revalidate,
post-check=0,
pre-check=0");
header("Content-Description: File Transfer");
header("Content-Type: $ctype");
header('Content-Disposition: attachment;
filename="'.$_GET["filename"].'";');
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($name));
// dump the picture and stop the script
@readfile($name);
exit;
?>
Expected result:
----------------
The file should be opened with the default application.
Actual result:
--------------
Default application crashes.
--
Edit bug report at http://bugs.php.net/?id=36734&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=36734&r=trysnapshot44
Try a CVS snapshot (PHP 5.1):
http://bugs.php.net/fix.php?id=36734&r=trysnapshot51
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=36734&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=36734&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=36734&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=36734&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=36734&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=36734&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=36734&r=support
Expected behavior: http://bugs.php.net/fix.php?id=36734&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=36734&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=36734&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=36734&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=36734&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=36734&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=36734&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=36734&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=36734&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=36734&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=36734&r=mysqlcfg
