force-downloaded report file flooded with HTML by mistake

PHP Code:

class ReportGenerator {

function ReportGenerator() {}

/**

* Generate the HTTP headers necessary for this file type.  Can be
called statically

*

* @access public

* @param mixed $filename
* @see file_get_contents
* @see actual_path

*/

function &generateHTTPHeaders($filename) {                    // STATIC VOID METHOD



if (!preg_match('/.+\.[a-zA-Z0-9\-_]+$/i', $filename)) die("Filename:
\"$filename\" must have an extension");


$ext = substr($filename, strrpos($filename, '.') + 1,
strlen($filename));



switch (strtolower(trim($ext))) {

case 'pdf':

$ctype = 'application/pdf';

break;

case 'exe':

$ctype = 'application/octet-stream';

break;

case 'zip':

$ctype = 'appliation/zip';

break;

case 'doc':

$ctype = 'application/msword';

break;

case 'xls':

$ctype = 'application/vnd.ms-excel';

break;

case 'csv':

$ctype = 'application/vnd.ms-excel';

break;

case 'ppt':

$ctype = 'application/vnd.ms-powerpoint';

break;

case 'gif':

$ctype = 'image/gif';

break;

case 'png':

$ctype = 'image/png';

break;

case 'jpg':

$ctype = 'image/jpg';

break;

case 'jpeg':

$ctype = 'image/jpg';

break;

default:

$ctype = 'application/force-download';

break;

}



header('Pragma: public');

header('Expires: 0');

header('Cache-Control: must-revalidate, post-check=0, pre-check=0');

header("Content-Type: $ctype");

$user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);

if ((is_integer(strpos($user_agent, 'msie'))) &&
(is_integer(strpos($user_agent, 'win')))) {

header('Content-Disposition: filename=' .
basename(actual_path($filename)) . ';');

} else {

header('Content-Disposition: inline; filename=' .
basename(actual_path($filename)) . ';');

}

header('Content-Transfer-Encoding: binary');

header('Content-Length: ' . @filesize(actual_path($filename)));

if (function_exists('file_get_contents')) {

echo @file_get_contents(actual_path($filename));

} else {

@readfile(actual_path($filename));

}

}


} 


The class method generateHTTPHeaders() can be called statically to
force-download a file (Excel, CSV, PDF, etc.) per customer requirement.
However, upon attempting to do so:

PHP Code:

// REAL IMPORTANT!!! CHMOD OR THE WORLD CAN SEE YOUR REPORTS!!!!!!!
if ($this->isSuccessful) @chmod(0770,
actual_path($newReportFileName));                // CHANGE PERMISSIONS (IF IN UNIX)
TO PREVENT WORLD FROM ACCESSING FILE
if ($this->isSuccessful)
ReportGenerator::generateHTTPHeaders($newReportFileName);    // THIS
CAUSES THE FORCED DOWNLOAD
@unlink(actual_path($newReportFileName));                                        // FILE HAS BEEN
FORCE-DOWNLOADED AND IS NO LONGER NEEDED ON SERVER
@unlink(actual_path($reportFileName));                                            // REMOVE THE
TEMPORARY FILE AS WELL, PROVIDED IT EXISTS AND/OR YOU CAN
if ($this->isSuccessful) exit(); 


The force-downloaded file you get is completely flooded with HTML,
particularly the HTML of the page itself! I do not understand how this
is possible, particularly since I ran careful traces up until the
headers are spawned, and the resulting file contents are legitimate
report data (no HTML) up until you generate the headers at the end of
the method, then suddenly HTML pours in like a breached levee!

Any ideas? This is as much code as I am able to display that would be
relevant to the problem, I'm afraid.

Thanx
Phil

Jerry Stuckle wrote:
> comp.lang.php wrote:
> > [php]
>
> <code snipped>
>
> >
> > The force-downloaded file you get is completely flooded with HTML,
> > particularly the HTML of the page itself! I do not understand how this
> > is possible, particularly since I ran careful traces up until the
> > headers are spawned, and the resulting file contents are legitimate
> > report data (no HTML) up until you generate the headers at the end of
> > the method, then suddenly HTML pours in like a breached levee!
> >
> > Any ideas? This is as much code as I am able to display that would be
> > relevant to the problem, I'm afraid.
> >
> > Thanx
> > Phil
> >
>
> Phil,
>
> You're telling us you're getting additional stuff out, but you aren't showing
> use all the code involved. Sorry, we don't have crystal balls. It would be
> virtually impossible to answer your question without all the code involved.
>

Sorry there was no way I could display any more code since it would
involve about 5 scripts @ 3000 lines each to show you all of the code
involved. And since it's government-proprietary in this case, I can't
do that.

However, it works now.. turns out that it misbehaves if you use
Konqueror, otherwise, it's just fine in IE and Firefox (both Win and
Linux)

Phil

>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstucklex@attglobal.net
> ==================

comp.lang.php wrote:
> [php]

<code snipped>

>
> The force-downloaded file you get is completely flooded with HTML,
> particularly the HTML of the page itself! I do not understand how this
> is possible, particularly since I ran careful traces up until the
> headers are spawned, and the resulting file contents are legitimate
> report data (no HTML) up until you generate the headers at the end of
> the method, then suddenly HTML pours in like a breached levee!
>
> Any ideas? This is as much code as I am able to display that would be
> relevant to the problem, I'm afraid.
>
> Thanx
> Phil
>

Phil,

You're telling us you're getting additional stuff out, but you aren't showing
use all the code involved. Sorry, we don't have crystal balls. It would be
virtually impossible to answer your question without all the code involved.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================