| Why and wherefore file downloads [message #176653] |
Sat, 14 January 2012 18:43  |
Harry Putnam
Messages: 2
Registered: January 2012
Karma: 0
|
Junior Member |
|
|
I lifted something close to this off google, edited and now have it
working along with a cgi script of my own.
I'm way under skilled in this and I have noticed something remarkable
about the php part of the setup:
------- --------- ---=--- --------- --------
From_mohitsharma.net.php
php
<?php
// The file path where the file exists
$filepath = "**HERE**".$_GET['filename']."";
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
//setting content type of page
header("Content-Type: application/force-download");
header("Content-Disposition: attachment; filename=".basename($filepath ));
header("Content-Description: File Transfer");
//Read File it will start downloading
@readfile($filepath);
?>
------- --------- ---=--- --------- --------
Notice the asterisked `**HERE**' in line 2.
It does not seem to matter what I put there, the script still works.
I started out carefully putting the exact path there but later noticed
that it worked no matter what I put there.
Can anyone tell me why that is so?
------- --------- ---=--- --------- --------
The cgi that calls the php code is short so included below as well.
------- --------- ---=--- --------- --------
cgi (note that the actual files for download are in `DocumentRoot/fr/':
------- 8< snip ---------- 8< snip ---------- 8<snip -------
#!/usr/bin/perl
use strict;
use warnings;
use diagnostics;
my ($frdir,$reg, @files, $php);
$php = './Frommohitsharma.net.php';
$reg = qr/\.(html|php|cgi|shtml|css|swf|sw[op]|~)$/;
$frdir = "../fr/";
print "content-type: text/html\n\n";
print "<html> <head>
<title>Free stuff </title>
</head>
<h3> Assorted downloads </h3>
<body bgcolor=\"beige\">
<ul>\n";
opendir my $dh, "$frdir" or die "Can't open $frdir: $!";
## exclude files matching $reg
@files = grep {!/$reg/ && -f "$frdir/$_"} readdir $dh;
for(sort @files){
my $sz = (stat ("$frdir/$_"))[7];
if($sz){
$sz = ($sz / 1024.00 /1024.00 );
}
printf "%s %.2f %s\n", "<li> <h5><h3><a href=\"$php?filename=$_\"><font size=\"1\" color=\"black\">sz:", $sz," mb - </font> $_</h3></a>\n";
}
print "</ul>
</body></html>\n";
|
|
|
|
| Re: Why and wherefore file downloads [message #176654 is a reply to message #176653] |
Sat, 14 January 2012 23:06  |
M. Strobel
Messages: 386
Registered: December 2011
Karma: 0
|
Senior Member |
|
|
Am 14.01.2012 19:43, schrieb Harry Putnam:
---cut
> ------- --------- ---=--- --------- --------
> From_mohitsharma.net.php
>
> php
>
> <?php
> // The file path where the file exists
> $filepath = "**HERE**".$_GET['filename']."";
---cut
> @readfile($filepath);
> ?>
--------------cut
> ------- 8< snip ---------- 8< snip ---------- 8<snip -------
> #!/usr/bin/perl
>
> use strict;
> use warnings;
> use diagnostics;
>
> my ($frdir,$reg, @files, $php);
> $php = './Frommohitsharma.net.php';
your perl calls Frommohitsharma.net.php, but you print From_mohitsharma.net.php.
You are calling a different script.
This is the only explanation because the parameter filepath is used unchanged in the
readfile() function and it should not work if you change it.
BTW, this looks terribly unsecure.
/Str.
|
|
|
|
| Re: Why and wherefore file downloads [message #176678 is a reply to message #176654] |
Tue, 17 January 2012 01:01 |
Harry Putnam
Messages: 2
Registered: January 2012
Karma: 0
|
Junior Member |
|
|
"M. Strobel" <sorry_no_mail_here(at)nowhere(dot)dee> writes:
> Am 14.01.2012 19:43, schrieb Harry Putnam:
> ---cut
>> ------- --------- ---=--- --------- --------
>> From_mohitsharma.net.php
>>
>> php
>>
>> <?php
>> // The file path where the file exists
>> $filepath = "**HERE**".$_GET['filename']."";
> ---cut
>
>> @readfile($filepath);
>> ?>
> --------------cut
>
>> ------- 8< snip ---------- 8< snip ---------- 8<snip -------
>> #!/usr/bin/perl
>>
>> use strict;
>> use warnings;
>> use diagnostics;
>>
>> my ($frdir,$reg, @files, $php);
>> $php = './Frommohitsharma.net.php';
>
> your perl calls Frommohitsharma.net.php, but you print From_mohitsharma.net.php.
>
> You are calling a different script.
No, that is something added when I wrote this message, It was to
indicate the php script and typed wrong inadvertently, not a typo
exactly, more like a memory lapse.
But it would have no bearing on what gets called.
The script being called is whatever is in the variable $php and there
is only one such script available.
> This is the only explanation because the parameter filepath is used unchanged in the
> readfile() function and it should not work if you change it.
That is the odd part. Even if I do change it so that it doesn't really
point to the files, it still works.
For example, I just tried this:
$filepath = "".$_GET['filename'].""; # no path listed at all.
Yet I am still shown an mp3 to play or download.
And this:
$filepath = "/not".$_GET['filename'].""; ## wrong non-existent path
## listed
At first I thought it might be because the mp3s where in the same dir
as the php script. So I changed that just to find out.
The 1 lonesome mp3 has been moved to /test
I don't have root on the server but can control my little bit of it.
PS - do you mind explaining a bit in an off-group (via email) message,
what you mean by the bit about insecure?
Note: I do not munge my email address ... its real.
|
|
|
|
| Re: Why and wherefore file downloads [message #176692 is a reply to message #176678] |
Wed, 18 January 2012 08:21 |
M. Strobel
Messages: 386
Registered: December 2011
Karma: 0
|
Senior Member |
|
|
Am 17.01.2012 02:01, schrieb Harry Putnam:
> PS - do you mind explaining a bit in an off-group (via email) message,
> what you mean by the bit about insecure?
I mean there is nothing more inviting to poke around even for occasional users than
putting a download filename into the url.
/Str.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]