Maybe it's just me, but this: --
$type = $_GET['type']; $fileName = $_GET['filename'] . "." . $type; $mimeType = "application/$type"; if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 5') or strpos($_SERVER['HTTP_USER_AGENT'], 'Opera 7')) $mimeType = 'application/x-download'; header("content-disposition: attachment; filename = \"$fileName\""); header("content-type: {$mimeType}"); readfile($fileName); where the link would be download.php?filename=mypdf&type=pdf -- looks terribly insecure to me -- I'm allowed to put whatever I want into the URL until I find something interesting? I think I'd start with download.php?filename=../htpasswd&type= ============================================================================== The information contained in this email and any attachment is confidential and may contain legally privileged or copyright material. It is intended only for the use of the addressee(s). If you are not the intended recipient of this email, you are not permitted to disseminate, distribute or copy this email or any attachments. If you have received this message in error, please notify the sender immediately and delete this email from your system. The ABC does not represent or warrant that this transmission is secure or virus free. Before opening any attachment you should check for viruses. The ABC's liability is limited to resupplying any email and attachments ============================================================================== ******************************************************************* List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm Help: [EMAIL PROTECTED] *******************************************************************