WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] 403 - Trying to download an image (5 posts)

  1. 123ben
    Member
    Posted 1 year ago #

    Hi,

    I have a download link on my website for different images. This is the href:

    https:/my-domain.com/content/plugins/myplugin/download.php?file=https://my-domain.com/path/to/image/image.jpg

    The download.php looks like this:

    <?php
    $file_url = $_GET['file'];
    function retrieve_remote_file_size($url){
     $ch = curl_init($url);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
     curl_setopt($ch, CURLOPT_HEADER, TRUE);
     curl_setopt($ch, CURLOPT_NOBODY, TRUE);
     $data = curl_exec($ch);
     $size = curl_getinfo($ch, CURLINFO_CONTENT_LENGTH_DOWNLOAD);
     curl_close($ch);
     return $size;
    }
    $filesize = retrieve_remote_file_size($file_url);
    if($filesize != -1){
      if($filesize < 52428800){
        if(ini_get('zlib.output_compression')) ini_set('zlib.output_compression', 'Off');
        header("Pragma: public"); // required
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private",false); // required for certain browsers
        header('Content-Type: application/force-download');
        header("Content-Transfer-Encoding: Binary");
        header("Content-disposition: attachment; filename=\"".basename($file_url)."\"");
        header("Content-Length: ".$filesize);
        @readfile($file_url);
      }else{
        echo 'The requested file is too large.';
      }
    }else{
      header('HTTP/1.0 404 Not Found');
    }
    exit;

    When I click the link my browser tells me that the file size is 0 bytes (which of course isn't true).

    In the BPS error log this is all I got (remote_addr, host name and request uri altered):

    >>>>>>>>>>> 403 GET or Other Request Error Logged - July 8, 2013 - 23:13 <<<<<<<<<<<
    REMOTE_ADDR: 11.111.111.111
    Host Name: my-domain.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /path/to/image/image.jpg
    QUERY_STRING:
    HTTP_USER_AGENT:

    I don't know what to do. Could someone please give me a hint which custom code have to be entered?

    All the best
    Ben

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Your User Agent is blank so this may or may not be the problem, but either way you do not want to have a blank User Agent. And you should also add follow location.

    Not real sure about the Header and Body options since I have never used them before but something seems off/contradictory. In any case a cURL file download only requires a couple of simple options - see this simple example - http://www.phpriot.com/articles/download-with-curl-and-php

    CURLOPT_HEADER	=> true, // TRUE return headers - False don't return headers
    CURLOPT_NOBODY	=> true, // TRUE to exclude the body from the output. Request method is then set to HEAD.
    curl_setopt($ch, CURLOPT_USERAGENT, 'Add a User Agent here');
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

    Have you put BPS in Default Mode and deactivated the wp-admin BulletProof Mode for testing? Does the cURL download script work?

  3. 123ben
    Member
    Posted 1 year ago #

    Thanks for your respond. I tried the script with no luck too. It doesn't work with BPS in Default Mode either. I don't know at which point the problem occurs. I also asked the plugin developer for guidance...

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yep, if the script does not work when BPS is in Default Mode then it is a problem with the download script itself.

    Here is an example of a simple working cURL download script.

    $url  = 'http://www.example.com/some-file.zip';
    $path = 'C:\xampp\htdocs\demo/some-file.zip';
    $useragent = 'MyFileGrabber';
    
       $ch = curl_init($url);
    
       curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
       curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
       curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
       curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
    
       $data = curl_exec($ch);
    
          if ( curl_errno($ch) ) {
    
             echo 'Curl error: ' . curl_error($ch);
    
          } else {
    
             $info = curl_getinfo($ch);
    
          echo 'Success! Took ' . $info['total_time'] . ' seconds to send a request to ' . $info['url'].'<br>';
          echo 'Downloaded File Path: ' . $path;
          }
    
       curl_close($ch);
       file_put_contents($path, $data);
  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Resolving since this is not an issue/problem with BPS.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic