Jump to content

How to prevent media link from playing when clicked


t_machine

Recommended Posts

hi, I am wondering if anyone can help with this problem. I have a downloads page that lists media files(.mp3, .mov). The problem is that when the user clicks the link, the file opens inside their media player. How can I let the user see the "save as" dialog box instead of immediately playing the file.

 

Thanks for any help:)

Link to comment
Share on other sites

Orio, the script you linked to seems to have NO security concerning "../" paths and simple downloads of critical PHP files. Like the site mentions (but doesn't implement in the final script?!), you should always specify allowed download files, for example by serving allowed files via numbers (or different identifiers), and NOT file paths. Like serving the first specified allowed file when calling downloadscript.php?file=1 and so on.

Link to comment
Share on other sites

Thank you all very much for the help. The script Orio posted works perfect but I too am worried about the security issue.

My links are taken from a database so they are not included in the $_GET or $_POST method.

Will this still be a security issue for my site?

 

Example:

..mysql query

 

$filename = $row['url'];

 

I then use that $filename for the rest of the script. Will I be fine with that setup?

 

Thanks :)

Link to comment
Share on other sites

Orio, the script you linked to seems to have NO security concerning "../" paths and simple downloads of critical PHP files. Like the site mentions (but doesn't implement in the final script?!), you should always specify allowed download files, for example by serving allowed files via numbers (or different identifiers), and NOT file paths. Like serving the first specified allowed file when calling downloadscript.php?file=1 and so on.

 

I've attached the link because it works great when it comes to force downloads. Obviously when I used it in the past I've changed it completely- because most of the times I had to do stuff the concern MySQL etc'.

But the headers over there and all of the other settings the script is making makes force downloads work with all of the browsers and many file-types. That's why I think it's worth a look, and some copy-pasting :)

 

Orio.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.