I have HTML/PHP code, shown below, which on click of the download button at Line Z executes a PHP file. The drop-down list I have from the select element at Line A is:

  1. Hi
  2. Hello
  3. Good Morning
  4. Good Evening

Let us suppose I have selected Hi from the dropdown list above. On hitting the download button at Line Z, the PHP file (hi.php) belonging to the Hi dropdown entry gets executed.

<form method="get" action="fr_get.php">
    <h1>Report</h1>
    <select name="report"> <!-- Line A -->
        <?php
        foreach ($reports->getReports() as $report) {
            $users = $report->getAll('AllowedUser');
            // Mark reports whose AllowedUser list contains 'deleted'
            $title = (is_array($users) && in_array('deleted', $users, true) ? 'DELETED --- ' : '')
                . $report->getFirst('Title');
            ?>
            <!-- Escape both the value and the label so report titles cannot inject markup -->
            <option value="<?= htmlspecialchars($report->path, ENT_QUOTES, 'UTF-8'); ?>"><?= htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); ?></option>
            <?php
        }
        ?>
    </select>
    <div class="submit"><input type="submit" value="Download"/></div>   <!-- Line Z -->
</form>

The code inside fr_get.php is:

<?php

$db = connect_mysql();

if (!is_admin()) {
    die('Access Denied.');
}

// Untrusted: taken straight from the query string, no validation
$report = $_GET['report'];

// Includes whatever path the client sent (the LFI issue raised in the comments)
include($report);

Problem Statement:

I am wondering what changes I need to make in the PHP code above in the file fr_get.php so that on click of the Download button at Line Z, the report gets downloaded in PDF or Word format.

  • What is the code of `fr_get.php`? Presumably that is where it takes the selected option from the form and decides which PHP file to use. – ADyson Sep 16 '22 at 17:00
  • Change `readfile($report);` to `include($report);` and remove the download headers, unless of course you want to download the result. Be aware both methods are open to LFI vulnerability; you need to validate that user input actually finds a report file, not allow any file to be loaded. – Lawrence Cherone Sep 16 '22 at 17:54
  • @LawrenceCherone I have updated `readfile($report)` to `include($report)`. I am wondering which download headers do you want me to remove from the code. – flash Sep 16 '22 at 19:46
  • The `Content-Disposition: attachment;` one. – Lawrence Cherone Sep 16 '22 at 20:18
  • Does this answer your question? [Execute PHP function with onclick](https://stackoverflow.com/questions/19323010/execute-php-function-with-onclick) –  Sep 17 '22 at 04:03
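A hardened fr_get.php along the lines of Lawrence Cherone's comment: the `report` parameter is treated as an opaque file name, checked against an allow-list of names and extensions, confined to a fixed report directory, and then streamed with download headers instead of being passed to `include()`. This is an added example, not the asker's code or an answer from the thread. It assumes the reports already exist as `.pdf`/`.docx` files under a `REPORT_DIR` directory (hypothetical), that the form's option values are plain file names rather than full paths, and that `connect_mysql()` and `is_admin()` exist as in the question.

```php
<?php
// Added example: hardened replacement for fr_get.php (not the original page's code).
// Assumptions: connect_mysql() and is_admin() are defined as in the question;
// REPORT_DIR (hypothetical) holds the pre-generated report files.
declare(strict_types=1);

const REPORT_DIR = __DIR__ . '/reports';   // assumption: where report files live

// Only these extensions may be served, each with a fixed, non-sniffable MIME type.
const ALLOWED_TYPES = [
    'pdf'  => 'application/pdf',
    'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
];

/**
 * Map the untrusted 'report' parameter to a file inside $dir, or return null.
 * The client-supplied value is never used as a path: directory parts are
 * stripped, the name must match a strict pattern, and the resolved path is
 * re-checked to still be inside the report directory (covers symlinks).
 */
function resolve_report(string $requested, string $dir): ?string
{
    // "../../etc/passwd" becomes "passwd"; "reports/../x.pdf" becomes "x.pdf"
    $name = basename($requested);

    // Conservative charset plus an allow-listed extension; also rejects NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.(' . implode('|', array_keys(ALLOWED_TYPES)) . ')\z/', $name)) {
        return null;
    }

    $root = realpath($dir);
    $path = realpath($dir . DIRECTORY_SEPARATOR . $name);
    if ($root === false || $path === false) {
        return null;                                    // directory or file missing
    }
    // realpath() followed a symlink? Make sure we are still under $root.
    if (strpos($path, $root . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

/** Stream a vetted file as an attachment. */
function send_report(string $path): void
{
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    // Strip characters that could break out of the quoted filename parameter.
    $filename = str_replace(['"', "\\", "\r", "\n"], '', basename($path));

    header('Content-Type: ' . ALLOWED_TYPES[$ext]);
    header('Content-Length: ' . (string) filesize($path));
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: private, no-store');
    readfile($path);
}

$db = connect_mysql();

if (!is_admin()) {
    http_response_code(403);
    die('Access Denied.');
}

$requested = (string) ($_GET['report'] ?? '');
$path = resolve_report($requested, REPORT_DIR);
if ($path === null) {
    // Same response for "bad name", "traversal attempt" and "no such file",
    // so the parameter cannot be used to probe the filesystem.
    http_response_code(404);
    die('Unknown report.');
}
send_report($path);
```

For this to work the option values emitted at Line A have to be bare file names such as `hi.pdf` rather than the `$report->path` values the original form uses; any full path the browser sends is reduced to its last component and rejected if it is not in the report directory. If the reports are instead produced by PHP scripts (the `hi.php` in the question), apply the same `resolve_report()` allow-list to the script name, capture its output with `ob_start()`/`ob_get_clean()`, and send that buffer with the same headers in place of `readfile()`; what must not survive is `include($_GET['report'])` with no validation.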