2

Possible Duplicate:
Getting around Chrome's Malicious File Warning

Code:

    /*
     .... Code to authenticate to MySQL and verify that we are a legitimate user.
    */
    $type = mysql_result($AllResult, 0, 'file_type');
    $size = mysql_result($AllResult, 0, 'file_size');
    $name = mysql_result($AllResult, 0, 'file_name');
    $data = mysql_result($AllResult, 0, 'file_content');

    session_write_close();
    ob_clean();
    mysql_close();

    header("Content-Transfer-Encoding: binary");
    header("Content-type: $type");
    header("Content-length: $size");
    header("Content-Disposition: attachment;filename=$name");
    header("Content-Description: PHP Generated Data");
    echo "$data";

I have written PHP code for downloading files from a longblob in my database and saving them to the user's computer. This code works perfectly on Opera and Firefox. However, on IE and Google Chrome, if the program does not have a Microsoft SmartScreen license, it will prompt the dialog '...name... is not commonly downloaded and can harm your computer'.

Illustration:

How it looks without license

However, I was wondering whether I could change the header, or if it is possible to get the dialog 'This file can harm your computer. Do you want to keep ..... anyways?' [KEEP] [DISCARD]

An illustration of the dialog I am talking about: Discard / Keep

Update: I have tried to use both inline and attachment for my Content-Disposition, with the same result.

Rasmus Søborg
  • 2
    Please, don't use `mysql_*` functions to write new code. They are no longer maintained and the community has begun the [deprecation process](http://goo.gl/KJveJ). See the [*red box*](http://goo.gl/GPmFd)? Instead you should learn about [prepared statements](http://goo.gl/vn8zQ) and use either [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli). If you can't decide which, [this article](http://goo.gl/3gqF9) will help you. If you pick PDO, [here is a good tutorial](http://goo.gl/vFWnC). – tereško Sep 26 '12 at 17:25

1 Answer

0

At least from the Chrome end, there will be no way to disable this notification. You are seeing the "This type of file can harm your computer" because the extension of your download is executable (i.e. .exe, .dll, etc.). This is probably also the case with Microsoft. I do know that Microsoft's system will quit complaining if the file is "commonly downloaded" (i.e. they see a lot of people downloading the same file). It would be detrimental to users if there were a header which could get around this notification.

You could avoid this entirely by making sure your download name has an extension such as .txt, .html, etc. that is not executable and thus not generally considered a high-priority threat by the browser vendors.

Reid Johnson
  • Thanks for the answers, however; by referring directly to the file 'http://www.somewebsite/somefile.exe' it will change the complaint to keep / discard. Is there some more secure way to do this, than referring directly to the file? – Rasmus Søborg Sep 27 '12 at 17:48
  • The file name I am referring to is that set with the header in your code in the line header("Content-Disposition: attachment;filename=$name"). There is no need to refer to any file directly. What are you currently setting the $name variable to for the script's output? – Reid Johnson Oct 02 '12 at 18:16
  • $name variable is loaded from the database. It is originally set from $_FILES["file"]["name"] – Rasmus Søborg Oct 02 '12 at 18:21
  • When the $name variable is loaded, you are loading a name with a .exe, or .dll extension (executable) which is causing your header to tell the browser it is executable. Just remove the extension portion of the name and rename to .txt or another non-executable extension that will serve your particular purpose and you should have no issues. If this is not the case, make sure that all of the characters in the pulled names are allowed by Windows in file names otherwise barfs and random renaming can happen. – Reid Johnson Oct 02 '12 at 19:29
  • Thanks for your assistance. However; got it working thanks to the answer available here: http://stackoverflow.com/a/9727960/1331739 =] – Rasmus Søborg Oct 03 '12 at 06:29
  • 1
    Very good. Glad that someone was able to get this fixed for you. – Reid Johnson Oct 03 '12 at 13:33
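
The `$name` in this thread originates from `$_FILES["file"]["name"]` and is placed unquoted into the `Content-Disposition` header. As an added example (not code from the question or the answer), the PHP below applies the check suggested in the comments, keeping only characters Windows allows in file names, and emits a quoted header; the function names are hypothetical and the sample names are constructed.

```php
<?php
// Added example: build a Content-Disposition header from an untrusted,
// client-supplied file name. Function names are hypothetical.

function sanitize_download_name(string $name, string $fallback = 'download'): string
{
    // Keep only the last path segment (handle both separator styles).
    $parts = explode('/', str_replace('\\', '/', $name));
    $name = end($parts);
    // Remove control characters (including CR/LF) and the characters
    // Windows forbids in file names: < > : " / \ | ? *
    $name = preg_replace('/[\x00-\x1F\x7F<>:"\/\\\\|?*]/', '', $name);
    // Windows also rejects names ending in a dot or a space.
    $name = rtrim(trim($name), '. ');
    // Reserved DOS device names are invalid with or without an extension.
    if (preg_match('/^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?$/i', $name)) {
        $name = '_' . $name;
    }
    return $name === '' ? $fallback : $name;
}

function content_disposition(string $storedName): string
{
    $safe = sanitize_download_name($storedName);
    // ASCII-only fallback for the quoted filename parameter.
    $ascii = preg_replace('/[^\x20-\x7E]/', '_', $safe);
    // The RFC 6266 / RFC 5987 extended parameter carries the UTF-8 name.
    return sprintf(
        'Content-Disposition: attachment; filename="%s"; filename*=UTF-8\'\'%s',
        $ascii,
        rawurlencode($safe)
    );
}

// Constructed sample inputs, as they might arrive in $_FILES["file"]["name"].
$samples = [
    'report 2012.pdf',
    "..\\..\\upload\r\nX-Injected: 1.exe",
    'CON.txt',
    'Søborg "final".zip',
];
foreach ($samples as $s) {
    echo content_disposition($s), PHP_EOL;
}
```

Sanitizing the name keeps the header well-formed and the saved file name valid; it does not alter how Chrome or SmartScreen rate the download.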