I know that we should replace forwards slashes and for example explode the path and use the last element of the array as filename.
But why is the fordward slash converted to a hyphen / dash when using
header('Content-Disposition: attachment; filename="'.$local_file.'"');
when $local_file
is something like /file
the downloaded file has the filename -file
Is this behaviour described somewhere?
The rfc paper does not mention this, or does it? http://www.faqs.org/rfcs/rfc2183.html
This is client specific. Most browsers would just drop any path
/
prefixes. But transcoding forward slashes would be just as sound.It's alluded to in RFC2616, http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html, section 19.5.1
The rationale of course is, that HTTP payloads should not be extracted to any predefined path for security reasons.