Comments on: Serving PDF Files through Symfony Controllers

By: Tam

Tam — Tue, 11 Jan 2011 14:39:01 +0000

thank you sir,

I’m looking for a way to write an image to the controller response. this seems to be what I need.

By: Oscar B.

Oscar B. — Wed, 08 Dec 2010 21:28:41 +0000

Delicious-ed >B

Thanks a lot, just what I needed, and it worked on first try!!!!!!!!!!
haha!!

By: Prasad

Prasad — Sat, 28 Aug 2010 14:23:16 +0000

Thanks, and very valid point raised by Sean

By: Peter

Peter — Tue, 13 Apr 2010 15:53:57 +0000

Great article Timo! Thanks a lot Keep them coming, symfony is great.

By: Kristof Taveirne

Kristof Taveirne — Sat, 02 Jan 2010 17:01:03 +0000

ALL RIGHT!
Thanks a lot!

Exactly what I was looking for!

By: Sean

Sean — Wed, 23 Dec 2009 16:19:20 +0000

There’s a potential security hole here that you may want to be wary of – the file path you accept is handed straight from the user… this is dangerous!

For example, say I visited
http://domain/media/..%2Fconfig%2Fdatabases.yml/download/1

Your script would then push out the content of your database config file – including your DB username, password, and domain! And then they can do all sorts of malicious things.

Essentially, since you’re not filtering your files and just concatenating it with the directory path, it’s possible to use “..” to navigate around the file system, and choose any file you want.

A better option is to provide some sort of restricted key that maps to a file path. That way, you have very tight control over which files will be served.

Happy coding!

By: Seb.

Seb. — Mon, 16 Nov 2009 14:15:40 +0000

Nice wrap up. You might also set the headers in the template:

$sf_response->clearHttpHeaders();
$sf_response->setContentType(‘application/pdf’);
$sf_response->setHttpHeader(‘Content-Disposition’, ‘attachment; filename=’ . $pdfFileName);

readfile($pdfFilePath);

By: Hassan

Hassan — Mon, 26 Oct 2009 03:01:33 +0000

Thank you very much for these clear explanations!

Exactly what I needed

By: News from the world of Symfony - September 2009

News from the world of Symfony - September 2009 — Tue, 29 Sep 2009 01:51:26 +0000

[...] them privately, or share them. The files, of course, need to be stored out of the document root. I found this article by Timo Haberkern of Symfony Zone very helpful: As we now use a Symfony-Controller you can do just use the complete Symfony infrastructure. You [...]

By: Aro

Aro — Thu, 27 Aug 2009 01:02:43 +0000

thx, it’s Exactly what i need!! I’m changing from java to php and symfony and I really need that. thx again