', '{', '}', ':', ';', '|', '"', '~', '`', '@', '#', '$', '%', '^', '&', '*', '?');
$replace = array('','', '', '(', ')', '(', ')', '_', ',', '_', '', '_', '\'', '_', '_', '_', '_', '_', '_', '', '');
$filename = str_replace($illegal, $replace, $filename);
//$filename = preg_replace('/([\\x00-\\x1f\\x7f\\xff]+)/', '', $filename);
$filename = $_SERVER['DOCUMENT_ROOT']."/sites/default/files/".$filename;

// Strip quotes and line breaks so the client-supplied display name
// cannot break out of the Content-Disposition header value.
$realname = str_replace(array('"', "\r", "\n"), '', $_REQUEST['name']);

// Assume $filename holds the full path of the stored file
if (!is_file($filename)) {
    echo "";
    die('File download error.');
}

$filepath  = str_replace('\\', '/', realpath($filename));
$filesize  = filesize($filepath);
$filename  = substr(strrchr('/'.$filepath, '/'), 1);
$extension = strtolower(substr(strrchr($filepath, '.'), 1));

// Re-check for '../' traversal and reject it.
// $filename is only the base name at this point and can never contain '../',
// so the check is made on the resolved path: it must stay inside the files directory.
$basedir = realpath($_SERVER['DOCUMENT_ROOT'].'/sites/default/files');
if ($basedir === false || strpos($filepath, str_replace('\\', '/', $basedir).'/') !== 0) {
    echo "";
    die('File download error.');
}

// Restrict the allowed file extensions
$allowext = array('hwp','HWP','doc','DOC','docx','DOCX','zip','PDF','pdf','xls','XLS');
if (!in_array($extension, $allowext)) {
    echo "";
    die('File download error.');
}

// Detect IE from HTTP_USER_AGENT
$ie = isset($_SERVER['HTTP_USER_AGENT'])
    && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false
        || strpos($_SERVER['HTTP_USER_AGENT'], 'rv:11') !== false
        || strpos($_SERVER['HTTP_USER_AGENT'], 'Edge') !== false);

// For IE, convert the name so Korean file names are not garbled
if ($ie) {
    $realname = iconv('utf-8', 'euc-kr', $realname);
}

// Apply the default headers
// $mime must be a string; concatenating an array would send "Content-Type: Array".
$mime = 'application/octet-stream';
header('Content-Type: '.$mime);
header('Content-Disposition: attachment; filename="'.$realname.'"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: '.sprintf('%d', $filesize));
header('Expires: 0');

// Apply the headers for IE
if ($ie) {
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
} else {
    header('Pragma: no-cache');
}

// Read the file in binary mode and output it
$handle = fopen($filepath, 'rb');
fpassthru($handle);
fclose($handle);
ob_end_flush();

/*
define('DRUPAL_ROOT',dirname(dirname(dirname(dirname(dirname(__FILE__))))));
require_once dirname(dirname(dirname(dirname(dirname(__FILE__))))) . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
require_once(dirname(__FILE__).'/functions/functions.users.php');

$path = "public://SC_3.hwp";
$filename = "SC_3.hwp";
echo "path:".$path;
echo "filesize:".filesize($path);

$file = '/var/www/si/sites/default/files/SC_3.hwp';
header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($file));
header('Content-Disposition: attachment; filename=' . basename($file));
readfile($file);
*/

/*
file_transfer($path, array(
    'Content-Type' => 'application/octet-stream',
    'Content-Disposition' => 'attachment; filename="' . 'SC_3.hwp' . '"',
    'Content-Length' => filesize($path)));
*/
?>