logo标签列表

文件下载的HTTP头部信息

phphttp-headersdownloadcontent-type
59

我编写了一个PHP脚本来处理文件下载,确定请求的文件并设置正确的HTTP头以触发浏览器实际下载文件(而不是在浏览器中显示它)。

现在有一些用户报告某些文件被错误地识别为GIF图像(因此无论扩展名如何,浏览器都会认为它是GIF图像)。我猜这是因为我没有在响应头中设置“Content-type ”。这最有可能是情况吗?如果是,则是否有一种相当通用的类型可用于所有文件,而不是尝试考虑每种可能的文件类型?

目前,我只设置值“Content-disposition: attachment; filename=arandomf.ile”

更新:我按照这里的指南构建了更强大的文件下载进程(http://w-shadow.com/blog/2007/08/12/how-to-force-file-download-with-php/) ,但脚本执行和浏览器下载对话框出现之间存在显著延迟。有人能否确定导致这种情况的瓶颈是什么?

这是我的实现:

/**
 * Outputs the specified file to the browser.
 *
 * @param string $filePath the path to the file to output
 * @param string $fileName the name of the file
 * @param string $mimeType the type of file
 */
function outputFile($filePath, $fileName, $mimeType = '') {
    // Setup
    $mimeTypes = array(
        'pdf' => 'application/pdf',
        'txt' => 'text/plain',
        'html' => 'text/html',
        'exe' => 'application/octet-stream',
        'zip' => 'application/zip',
        'doc' => 'application/msword',
        'xls' => 'application/vnd.ms-excel',
        'ppt' => 'application/vnd.ms-powerpoint',
        'gif' => 'image/gif',
        'png' => 'image/png',
        'jpeg' => 'image/jpg',
        'jpg' => 'image/jpg',
        'php' => 'text/plain'
    );
    
    $fileSize = filesize($filePath);
    $fileName = rawurldecode($fileName);
    $fileExt = '';
    
    // Determine MIME Type
    if($mimeType == '') {
        $fileExt = strtolower(substr(strrchr($filePath, '.'), 1));
        
        if(array_key_exists($fileExt, $mimeTypes)) {
            $mimeType = $mimeTypes[$fileExt];
        }
        else {
            $mimeType = 'application/force-download';
        }
    }
    
    // Disable Output Buffering
    @ob_end_clean();
    
    // IE Required
    if(ini_get('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
    }
    
    // Send Headers
    header('Content-Type: ' . $mimeType);
    header('Content-Disposition: attachment; filename="' . $fileName . '"');
    header('Content-Transfer-Encoding: binary');
    header('Accept-Ranges: bytes');
    
    // Send Headers: Prevent Caching of File
    header('Cache-Control: private');
    header('Pragma: private');
    header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
    
    // Multipart-Download and Download Resuming Support
    if(isset($_SERVER['HTTP_RANGE'])) {
        list($a, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2);
        list($range) = explode(',', $range, 2);
        list($range, $rangeEnd) = explode('-', $range);
        
        $range = intval($range);
        
        if(!$rangeEnd) {
            $rangeEnd = $fileSize - 1;
        }
        else {
            $rangeEnd = intval($rangeEnd);
        }
        
        $newLength = $rangeEnd - $range + 1;
        
        // Send Headers
        header('HTTP/1.1 206 Partial Content');
        header('Content-Length: ' . $newLength);
        header('Content-Range: bytes ' . $range - $rangeEnd / $fileSize);
    }
    else {
        $newLength = $fileSize;
        header('Content-Length: ' . $fileSize);
    }
    
    // Output File
    $chunkSize = 1 * (1024*1024);
    $bytesSend = 0;
    
    if($file = fopen($filePath, 'r')) {
        if(isset($_SERVER['HTTP_RANGE'])) {
            fseek($file, $range);
            
            while(!feof($file) && !connection_aborted() && $bytesSend < $newLength) {
                $buffer = fread($file, $chunkSize);
                echo $buffer;
                flush();
                $bytesSend += strlen($buffer);
            }
            
            fclose($file);
        }
    }
}
这里有类似的问题:http://stackoverflow.com/questions/33946612/php-download-script-outputs-corrupted-file - WebICT By Leo
4个回答
73

正如Alex的链接所解释的那样,您可能在Content-Type之上缺少头部Content-Disposition

因此,应该像这样:

Content-Disposition: attachment; filename="MyFileName.ext"
6
我认为应该写成 attachment; filename="MyFileName.ext",请参考 https://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html。 - B Seven
41
根据RFC 2046(多用途互联网邮件扩展)的规定:

对于接收到“application/octet-stream”实体的实现,建议采取的措施是简单地提供将数据放入文件的选项。

所以我会选择这个选项。

2
我同意 - application/octet-stream 告诉浏览器它是一个通用的二进制文件,这将导致它保存到磁盘。 - Marc Novakowski
22
但是 Content-disposition 更为准确。https://dev59.com/-2Ij5IYBdhLWcg3wNyn1 - Paul Draper
9
您可以尝试使用这个强制下载脚本。即使您不使用它,它也可能指引您朝着正确的方向前进:
<?php

$filename = $_GET['file'];

// required for IE, otherwise Content-disposition is ignored
if(ini_get('zlib.output_compression'))
  ini_set('zlib.output_compression', 'Off');

// addition by Jorg Weske
$file_extension = strtolower(substr(strrchr($filename,"."),1));

if( $filename == "" ) 
{
  echo "<html><title>eLouai's Download Script</title><body>ERROR: download file NOT SPECIFIED. USE force-download.php?file=filepath</body></html>";
  exit;
} elseif ( ! file_exists( $filename ) ) 
{
  echo "<html><title>eLouai's Download Script</title><body>ERROR: File not found. USE force-download.php?file=filepath</body></html>";
  exit;
};
switch( $file_extension )
{
  case "pdf": $ctype="application/pdf"; break;
  case "exe": $ctype="application/octet-stream"; break;
  case "zip": $ctype="application/zip"; break;
  case "doc": $ctype="application/msword"; break;
  case "xls": $ctype="application/vnd.ms-excel"; break;
  case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
  case "gif": $ctype="image/gif"; break;
  case "png": $ctype="image/png"; break;
  case "jpeg":
  case "jpg": $ctype="image/jpg"; break;
  default: $ctype="application/octet-stream";
}
header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers 
header("Content-Type: $ctype");
// change, added quotes to allow spaces in filenames, by Rajkumar Singh
header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
readfile("$filename");
exit();
3
请注意,Content-Type: application/force-downloadContent-Transfer-Encoding: binary 不是HTTP标准。虽然它们在某些情况下可能有效,但在此处没有用处。RFC2616: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17 - Flo Schild
1
"application/force-download" 不是最佳默认值;"application/octet-stream" 更好。 - Brian
0

更少的代码和一些安全改进

    <?php

$filename = filter_input(INPUT_GET,'file'); // recommended solution replaced by MalcolmX

// required for IE, otherwise Content-disposition is ignored
if(ini_get('zlib.output_compression'))
  ini_set('zlib.output_compression', 'Off');

if(!file_exists($filename)) 
{
  echo "<script>alert('File is not available, check file name');</script>";
}; // filename empty doesn't exist too - MalcolX

// theres mimetype implemented in PHP - MalcolmX
$ctype= mime_content_type($filename);
}
header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers 
header("Content-Type: $ctype");
// change, added quotes to allow spaces in filenames, by Rajkumar Singh
header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
readfile($filename); // and ofcourse quotes not necessary
exit();
你的回答可以通过提供更多支持信息来改进。请编辑以添加进一步的细节,例如引用或文档,以便他人可以确认你的答案是正确的。您可以在帮助中心中找到有关如何编写良好答案的更多信息。 - Community
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接