What best practices should be followed when creating PHP scripts to handle file listings and downloads?

When creating PHP scripts to handle file listings and downloads, it is important to ensure proper security measures are in place to prevent unauthorized access to sensitive files. This can be achieved by validating user input, sanitizing file paths, and implementing access control checks. Additionally, it is recommended to use PHP functions like `scandir()` for listing files and `readfile()` for downloading files securely.

&lt;?php
// Validate user input for file path
$file_path = $_GET[&#039;file&#039;];
if (!is_string($file_path) || strpos($file_path, &#039;..&#039;) !== false) {
    die(&#039;Invalid file path&#039;);
}

// Sanitize file path
$file_path = realpath(&#039;uploads/&#039; . $file_path);

// Check if file exists and is readable
if (file_exists($file_path) &amp;&amp; is_readable($file_path)) {
    // Set appropriate headers for file download
    header(&#039;Content-Type: application/octet-stream&#039;);
    header(&#039;Content-Disposition: attachment; filename=&quot;&#039; . basename($file_path) . &#039;&quot;&#039;);
    
    // Output file contents
    readfile($file_path);
} else {
    die(&#039;File not found or inaccessible&#039;);
}
?&gt;

Keywords

file listings downloads PHP scripts error handling security

What best practices should be followed when creating PHP scripts to handle file listings and downloads?

Keywords

Related Questions