下載流式傳輸器不會返回真實文件。錯誤的內容類型或MIME？

Question

Python應用程序說我通過PHP流媒體傳輸的zip文件不是zip文件。但是，winrar打開它們沒有問題。

這是它發送標題：

Content-disposition: filename=example.zip 
Content-type: application/zip; charset=binary 

我需要更多的/不同的頁眉？

下面是代碼：

<?php 
session_start(); 
if(!$_SESSION['directory']){ 
    print "Sorry, only logged in users can view downloads"; 
    exit; 
}; 
?> 
<?php 

$hidden_file_directory = "download/".$_SESSION['directory']; //Name of the directory where all the sub directories and files exists 
$file_path = $_GET['file']; //Get the file from URL variable 
$real_file_path = realpath("$hidden_file_directory/$file_path"); //Set the file path w.r.t the download.php... It may be different for u 
$filename = basename($real_file_path); 

if(dirname($real_file_path) != getcwd() ."/". $hidden_file_directory) 
    die("File does not exist."); 

if(file_exists($real_file_path)) { 
    $content_type = get_mime($real_file_path); 
    header("Content-disposition: filename=$filename"); //Tell the filename to the browser 
    header("Content-type: $content_type"); //Stream as a binary file! So it would force browser to download 
    readfile($real_file_path); //Read and stream the file 
} 
else { 
    echo "File does not exist."; 
} 


function get_mime($filename) { 

    $mime_types = array(

     'txt' => 'text/plain', 
     'htm' => 'text/html', 
     'html' => 'text/html', 
     'php' => 'text/html', 
     'css' => 'text/css', 
     'js' => 'application/javascript', 
     'json' => 'application/json', 
     'xml' => 'application/xml', 
     'swf' => 'application/x-shockwave-flash', 
     'flv' => 'video/x-flv', 

     // images 
     'png' => 'image/png', 
     'jpe' => 'image/jpeg', 
     'jpeg' => 'image/jpeg', 
     'jpg' => 'image/jpeg', 
     'gif' => 'image/gif', 
     'bmp' => 'image/bmp', 
     'ico' => 'image/vnd.microsoft.icon', 
     'tiff' => 'image/tiff', 
     'tif' => 'image/tiff', 
     'svg' => 'image/svg+xml', 
     'svgz' => 'image/svg+xml', 

     // archives 
     'zip' => 'application/zip', 
     'rar' => 'application/x-rar-compressed', 
     'exe' => 'application/x-msdownload', 
     'msi' => 'application/x-msdownload', 
     'cab' => 'application/vnd.ms-cab-compressed', 

     // audio/video 
     'mp3' => 'audio/mpeg', 
     'qt' => 'video/quicktime', 
     'mov' => 'video/quicktime', 

     // adobe 
     'pdf' => 'application/pdf', 
     'psd' => 'image/vnd.adobe.photoshop', 
     'ai' => 'application/postscript', 
     'eps' => 'application/postscript', 
     'ps' => 'application/postscript', 

     // ms office 
     'doc' => 'application/msword', 
     'rtf' => 'application/rtf', 
     'xls' => 'application/vnd.ms-excel', 
     'ppt' => 'application/vnd.ms-powerpoint', 

     // open office 
     'odt' => 'application/vnd.oasis.opendocument.text', 
     'ods' => 'application/vnd.oasis.opendocument.spreadsheet', 
    ); 

    $ext = strtolower(array_pop(explode('.',$filename))); 
    if (array_key_exists($ext, $mime_types)) { 
     return $mime_types[$ext]; 
    } 
    elseif (function_exists('finfo_open')) { 
     $finfo = finfo_open(FILEINFO_MIME); 
     $mimetype = finfo_file($finfo, $filename); 
     finfo_close($finfo); 
     return $mimetype; 
    } 
    else { 
     return 'application/octet-stream'; 
    } 
} 


?> 

編輯 - 我說：

if(dirname($real_file_path) != getcwd() ."/". $hidden_file_directory) 
    die("File does not exist."); 

當那些誰指出不安全。希望這會很安全。

Answer 1

我注意到某些瀏覽器所需要的文件名用雙引號或者他們不知道它是什麼，也許蟒蛇不相同。嘗試發送

header("Content-disposition: filename=\"$filename\""); 

而且你確定這是逸岸application/zip而不是application/x-zip-compressed？

注意：您直接從查詢字符串中使用文件名。如果我發送文件名爲file=..\..\..\..\..\..\systemdir\config.xml，該怎麼辦？也許你應該添加一些檢查。 basename（）就像你使用下一步可能是一個好主意。