0

I have these PHP headers that will force a download (Intranet site) that works on Chrome without prompting the popup, but I cannot avoid the popup warning in Internet Explorer 11 (Version 11.657.18362.0) on Windows 10.

I've tried adding to IE "intranet" site and "internet" site the internal server address this would run from (http://[server]), lower the security levels to the lowest settings for this zone under "intranet" and also "internet". Close and open Internet Explorer and it still has the popup warning.

Here is my PHP code below:

if ($_REQUEST['c']){
    $num = $_REQUEST['c'];
    $cmd = "test.exe $num";
    $ctype ="application/octet-stream";
    ob_end_clean();
    header('Content-Description: File Transfer');
    header('Content-Type:' . $ctype);
    header('Content-Disposition: attachment; filename="test.bat"');
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: no-cache, must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . strlen($cmd));
    echo($cmd);
    exit;
}

Additionally, once the bat file has downloaded, there is a separate AutoIt script on the user's computer that will scan the download folder for this specific file and will automatically run the file and delete it without the user having to do anything. The idea is to limit the user's clicking to just one time.

This is the popup that I get from IE when I click to download the bat file below:

enter image description here

Any ideas what's wrong or other suggestions around this?

Yodavish
  • 139
  • 2
  • 14
  • Does $ctype change? Based on your code, that part should be hard coded. – Mech Mar 02 '20 at 14:59
  • and I'm wondering if you need to put backslashes in... \"test.bat\" – Mech Mar 02 '20 at 15:01
  • 1
    @Mech currently no the $ctype does not change, but we might do that later on, So left it as a variable for now. I'll try adding the backslashes to the filename. – Yodavish Mar 02 '20 at 15:21
  • @Mech adding the black slash did not work unfortunately – Yodavish Mar 02 '20 at 15:34
  • Maybe this as a guide? https://stackoverflow.com/a/1221199/4101210 – Mech Mar 02 '20 at 15:35
  • @Mech Thanks for the suggestion. I've tried copying the stackoverflow PHP header suggested there, but it still has the warning popup. In both cases of the current PHP code or the link PHP code, both will download correctly, but it will not bypass the Internet Explorer popup warning. – Yodavish Mar 02 '20 at 16:17
  • What is the warning? – Mech Mar 02 '20 at 17:12
  • "Do you want to run or save test.bat(53 bytes) from php? This type of file could harm your computer. – Yodavish Mar 02 '20 at 18:20
  • Does this help? https://9to5it.com/internet-explorer-disable-do-you-want-to-open-or-save-this-file-prompt/ – Mech Mar 02 '20 at 18:29
  • Which kind of popup Warning? Can you help to capture a screenshot about the popup warning? Do you mean the IE browser will prevent the download? Whether this issue only occurs in the batch file? Try to download another type of file, and check whether it works well. – Zhi Lv Mar 03 '20 at 05:37
  • @ZhiLv-MSFT this is the popup I get: "Do you want to run or save test.bat(53 bytes) from php? This type of file could harm your computer." I've added it to the OP – Yodavish Mar 04 '20 at 13:56
  • @Mech thanks for the suggestion, I tried those suggestions listed in the link and it still did not work. I'm not sure if I'm adding the ".bat=batfile" value correctly to the regedit directly it suggested. – Yodavish Mar 04 '20 at 14:03

1 Answers1

0

I'm able to reproduce the problem, but it seems that IE browser will keep display this prompt when downloading the bat file for security reason, and we can't disable it.

As a workaround, I suggest you could convert the bat file to a ZIP file, and then download it. Here are some related threads about how to Zip files using JavaScript, you could check them:

How to create zip files using javascript?

How to Zip files using JavaScript?

Zhi Lv
  • 18,845
  • 1
  • 19
  • 30