<?php
$fname = isset($_POST['fname']) ? $_POST['fname'] : "";
$lname = isset($_POST['lname']) ? $_POST['lname'] : "";
$file=(glob("Recordings/$fname*$lname.pdf")) ;
//header('Content-type: application/pdf');
header('Content-Disposition: inline; filename="' . $file . '"'); 
header("Content-Length: " . filesize($file));
header('Content-Transfer-Encoding: binary'); 
header('Accept-Ranges: bytes'); 
// Read the file
//readfile($file);
print_r($file);   
?>

will print Recordings/John_Joe_Doe.pdf as expected. Remove // from lines 5 & 11 and add // to line 12, and the browser opens a PDF page and says unable to load file.

Change line 4 to $file=("Recordings/$John_Joe_Doe.pdf"); and the pdf file will open in the browser.

Where am I going wrong?

https://forums.phpfreaks.com/topic/314481-help-displaying-a-pdf-file-using-php/

Try this:

$fname = isset($_POST['fname']) ? $_POST['fname'] : "";
$lname = isset($_POST['lname']) ? $_POST['lname'] : "";
$path = "Recordings/$fname*$lname.pdf";
echo "About to search in $path<br>";
$file=glob($path);

See what the path turns out to be and see what you are dealing with.

On 1/30/2022 at 2:55 PM, requinix said:

Start by learning about arrays. The syntax you need is simple and mentioned on the page, but you'll probably learn some other things talked about on the page as you look for it.

I have exhausted everything I know to do. I have gotten as far as I can. I have gotten from "Array ( [0] => John_Joe_Doe.pdf )" to "John_Joe_Doe.pdf1".

Nothing I do will get rid of the "1". Another clue pointing where to look would be appreciated.

1 hour ago, requinix said:

What's your current code?

I stumbled on the answer. I am still working through why it works. Here is my code.

<?php
$fname = isset($_POST['fname']) ? $_POST['fname'] : "";
$lname = isset($_POST['lname']) ? $_POST['lname'] : "";
$path = "$fname*$lname.pdf";
$a = glob($path);
$b=($a[0]);
$cd=($b);
$cc = ("$cd");   
header('Content-type: application/pdf');
header('Content-Disposition: inline; filename="' . $cc . '"'); 
header("Content-Length: " . filesize($a));
header('Content-Transfer-Encoding: binary'); 
header('Accept-Ranges: bytes'); 
readfile($cc);
?>

20 hours ago, Darrell_G said:

I am still working through why it works.

Hard to know without being able to see what it was that didn't work.

But what you have isn't actually correct. And I don't just mean because of the significant remote file inclusion vulnerability you've created - one that would allow anyone to view any file that exists on your server, including PHP source code and configuration files and confidential files and really anything they can imagine.

$a = glob($path);
$b=($a[0]);
$cd=($b);
$cc = ("$cd");   

- $a will be an array of files matching the $path pattern. Good.
- $b will be the first file in the array. The parentheses don't do anything and are useless.
- $cd will be the same as $b. There's no point to having both $cd and $b. The parentheses don't do anything here either.
- $cc will be the value of $cd (a filename) put into a string (it was already a string) - or in other words, the same as $cd and $b. No point to this. And ditto about the parentheses here again.

Please, do yourself a favor and learn PHP. That way you will not have to stumble around anymore.

A non-obvious thing is your use of the Accept-Ranges header. Your script does not actually support ranges. Do not send this header because your server will be lying to the browser.

1 hour ago, requinix said:

I don't just mean because of the significant remote file inclusion vulnerability you've created - one that would allow anyone to view any file that exists on your server, including PHP source code and configuration files and confidential files and really anything they can imagine.

I made the changes you recommended and it works. Where is the remote file inclusion vulnerability? What is the cause?

20 minutes ago, Darrell_G said:

I made the changes you recommended and it works. Where is the remote file inclusion vulnerability? What is the cause?

I think the problem that I thought I had was caused by echo var_dump($a) and I was getting string(25) "John_Joe_Doe". I should have been using echo $a. 

Edited by Darrell_G

Actually, it looks like PHP itself protects you from the kind of attack I was thinking of. So that's nice. So not just any file can be read.

However your script will still let anyone read any PDF file that exists on your server. And it's simple: all they have to do is pass the right "fname" and "lname" values to create a $path that goes where they want it to go.

4 hours ago, Darrell_G said:

I think the problem that I thought I had was caused by echo var_dump($a) and I was getting string(25) "John_Joe_Doe". I should have been using echo $a. 

That would have been it, yes: var_dump would create some output on its own, then you would echo the true value that it returned (which would display as "1").
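
Added example (not part of the thread and not any poster's code): one way to keep the glob() lookup discussed above from reaching PDFs outside the Recordings directory, by allow-listing the two form fields and checking the resolved path. The names `resolve_recording` and `RECORDINGS_DIR`, the letters-only name rule and the directory layout are assumptions made for this example.

```php
<?php
// Added example, not code from the thread. Assumptions: PDFs sit directly in
// a "Recordings" directory beside this script and names contain only letters.
const RECORDINGS_DIR = __DIR__ . '/Recordings';

// Map the two form fields to exactly one PDF inside RECORDINGS_DIR, else null.
function resolve_recording($fname, $lname): ?string
{
    foreach ([$fname, $lname] as $part) {
        // Allow-list: rejects arrays, "/", "..", and glob metacharacters
        // (* ? [ ] { }) that would widen or redirect the pattern.
        if (!is_string($part) || !preg_match('/\A[A-Za-z]{1,40}\z/', $part)) {
            return null;
        }
    }
    $base = realpath(RECORDINGS_DIR);
    if ($base === false) {
        return null;
    }
    // glob() returns an array (or false on error), never a single string.
    $matches = glob($base . '/' . $fname . '*' . $lname . '.pdf');
    if ($matches === false || count($matches) !== 1) {
        return null; // no match, or ambiguous: refuse rather than guess
    }
    // Defence in depth: with symlinks resolved, the file must still sit
    // directly inside the recordings directory.
    $real = realpath($matches[0]);
    if ($real === false || dirname($real) !== $base || !is_file($real)) {
        return null;
    }
    return $real;
}

$file = resolve_recording($_POST['fname'] ?? '', $_POST['lname'] ?? '');
if ($file === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="' . basename($file) . '"');
header('Content-Length: ' . filesize($file));
// No Accept-Ranges header: this script does not implement range requests.
readfile($file);
```

This confines reads to one directory; it does not decide which visitor may see which recording, so that check still has to come from the application's own login or session logic.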
