Page 1 of 1
Open attachments on page.html
Posted: Wed Dec 18, 2013 4:36 pm
by jeffjames
Script URL:
Version of script: 2.4.2
Hosting company:
URL of phpinfo.php:
URL of session_test.php:
What terms did you try when SEARCHING for a solution:
Write your message below:
hello,
there is the possibility of opening attachments .pdf or image on a page .html rather than download it as a download?
Re: Open attachments on page.html
Posted: Wed Dec 18, 2013 5:22 pm
by Klemen
I strongly discourage doing that. The reason attachments are hidden then read and forced as a download is to make sure no malicious code can be executed.
You could open them directly in browser by modifying download_attachments.php file. Just ABOVE the very first line starting with
you could use something like
Code: Select all
$open_directly = array(
'pdf',
'jpg',
'jpeg',
'gif',
'png',
'txt',
);
if ( isset($open_directly[strtolower(pathinfo($file['real_name'], PATHINFO_EXTENSION))]) )
{
header('Location: ' . $realpath);
exit();
}
This will open attachments with the extensions listed directly in browser.
But again, I really discourage doing this. Use at your own risk.
Re: Open attachments on page.html
Posted: Wed Dec 18, 2013 9:57 pm
by jeffjames
Thanks Klemen but i dont find header in file download_attachments.php.
If i undestand will erase all content and put this code?
Is this?
Re: Open attachments on page.html
Posted: Thu Dec 19, 2013 10:08 am
by Klemen
No, it's definitely there inside the "download_attachment.php" file.
Should be towards the end of the file, several lines starting with header and this code should go just above the first header line.
Make sure you open the source file inside a text editor.
Re: Open attachments on page.html
Posted: Thu Dec 19, 2013 2:16 pm
by jeffjames
thanks Klemen but put only the code after Header, files open with 0 size.
Some idea?
part of file after line 122:
/* Send the file as an attachment to prevent malicious code from executing */
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Length: ' . $file['size']);
header('Content-Disposition: attachment; filename=' . $file['real_name']);
$open_directly = array(
'pdf',
'jpg',
'jpeg',
'gif',
'png',
'txt',
);
if ( isset($open_directly[strtolower(pathinfo($file['real_name'], PATHINFO_EXTENSION))]) )
{
header('Location: ' . $realpath);
exit();
}
/*
$realpath = $hesk_settings['server_path'].'/attachments/'.$file['saved_name'];
$chunksize = 1 * (1024 * 1024);
if ($file['size'] > $chunksize)
{
$handle = fopen($realpath, 'rb');
$buffer = '';
while ( ! feof($handle))
{
set_time_limit(300);
$buffer = fread($handle, $chunksize);
echo $buffer;
flush();
}
fclose($handle);
}
else
{
readfile($realpath);
}
exit();*/
?>
Re: Open attachments on page.html
Posted: Fri Dec 20, 2013 7:31 am
by Klemen
My instructions were different: add that piece of code ABOVE (before) the first header line. I did not say other lines need to be commented out.
You should just add my code BEFORE
Code: Select all
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
So it looks like
Code: Select all
$open_directly = array(
'pdf',
'jpg',
'jpeg',
'gif',
'png',
'txt',
);
if ( isset($open_directly[strtolower(pathinfo($file['real_name'], PATHINFO_EXTENSION))]) )
{
header('Location: ' . $realpath);
exit();
}
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
Do not edit or delete (uncomment) any other part of code.
Re: Open attachments on page.html
Posted: Fri Dec 20, 2013 10:44 am
by jeffjames
Many thanks Klemen
My apologies for the lack of attention.
I am evaluating the system and it seems really very interesting.
Many thanks again!