I have a security question: I am not sure if this approach is a safe and secure way to download a file and present it to a web user.
We have customers' invoice files stored in a server location (a publicly inaccessible location), and we read them via PHP code in a file (in a publicly accessible location) like below,
I just wonder, if this way of
Any other recommendations on how to handle a similar situation?

    // Look up the invoice record and build the stored file name
    $i = $invoice->get();
    $filename = sprintf(INV_PDF_FILENAME,$i['customerid'],date('Ymd',$i['dateIssued']));
    $x = sprintf('/tmp/invoices/%s',$filename);

    // Send the PDF as a download
    header('Content-type: application/pdf');
    header('Content-Disposition: attachment; filename="'.$filename.'"');
    header('Expires: 0');
    header('Pragma: cache');
    header('Cache-Control: private');
    readfile($x);
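
As an added example (not part of the original post, and not the poster's code), here is a hardened form of the download script above: it checks that the invoice belongs to the logged-in customer and that the resolved path stays inside the invoice directory before any bytes are sent. `send_invoice()`, `INVOICE_DIR` and `$sessionCustomerId` are assumed names; how the session's customer id is obtained is left to the application.

```php
<?php
// Added example. Assumed names: INVOICE_DIR, send_invoice(), $sessionCustomerId.
const INVOICE_DIR = '/tmp/invoices';   // storage path taken from the question

function send_invoice(array $invoice, int $sessionCustomerId, string $filename): void
{
    // 1. Authorisation: the invoice must belong to the logged-in customer.
    if ((int) $invoice['customerid'] !== $sessionCustomerId) {
        http_response_code(403);
        exit;
    }

    // 2. Path containment: drop any directory part, resolve symlinks and
    //    "..", then require the result to stay inside INVOICE_DIR.
    $base = realpath(INVOICE_DIR);
    $path = ($base === false)
        ? false
        : realpath($base . DIRECTORY_SEPARATOR . basename($filename));
    if ($path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path) || !is_readable($path)) {
        http_response_code(404);
        exit;
    }

    // 3. Headers: fixed type, no content sniffing, no caching of the PDF,
    //    and a download name limited to a safe character set.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: private, no-store');

    readfile($path);
    exit;
}
```

`/tmp` is normally world-writable and may be cleared on reboot, so a dedicated directory readable only by the web server user is a sturdier home for invoice files.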