StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
16945865
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
4
CommunityOwnedDate
CreationDate
2013-06-05T17:06:48.843
FavoriteCount
0
LastActivityDate
2013-06-05T19:51:26.023
LastEditDate
2013-06-05T19:51:26.023
LastEditorUserId
2145800
OwnerUserId
2145800
ParentId
16945383
PostTypeId
2
Score
2
ViewCount
0
LastEditorDisplayName
text
Body
You can check the referring website to see if it's your own with <code>.htaccess</code> <pre><code>RewriteEngine On RewriteCond %{HTTP_HOST}@@%{HTTP_REFERER} !^([^@]*)@@http?://\1/.* RewriteRule .*\.pdf [NC,F] </code></pre> That will fail with a forbidden directive (403 error). NC is case insensitivity. The server would need to be configured to show something in the event of a 403 error. In PHP Additionally you can check this sort of thing with a dynamic page that allows the download. Here's an example of how to do this with PHP: <pre><code><a href='/download.php?f=myfile&fd=mypath'>Download my PDF</a> </code></pre> We're taking the <code>.pdf</code> off of the name in the link for security reasons. You could do something like <code>base64_encode</code> the name, but this won't stop a knowledgeable attacker from trying to exploit your system. The <code>f</code> variable is the filename (pre-period) and the 'fd' would be the folder (or path). Example dirs could include <code>pdfs</code> or <code>resources/pdf</code>. It can't start or end with a <code>/</code>. We're not allowing periods in paths or filenames so someone can't do something like <code>pdf/../../..</code>. Code for <code>download.php</code> <pre><code><?php if((preg_match('!^[A-Za-z0-9_-]+$!',$_GET['f']))&&(preg_match('!^[^/][/A-Za-z0-9_-]+[^/]$!',$_GET['fd']))){ //we're hard-coding the line so someone can't spoof something like .htaccess $tempPath = $_GET['fd']; $tempFilename = $_SERVER['DOCUMENT_ROOT'].'/'.$tempPath.'/'.$_GET['f'].'.pdf'; //Make sure it's a real file if(is_file($tempFilename)){ $referrer = $_SERVER['HTTP_REFERER']; $serverName = $_SERVER['SERVER_NAME']; //check the referrer if(strpos($referrer, $serverName)){ $new_filename = $_GET['f'].'.pdf'; // We'll be outputting a PDF header('Content-type: application/pdf'); // It will be called downloaded.pdf $hString = 'Content-Disposition: attachment; filename="'.$new_filename.'"'; header($hString); // The PDF source is in original.pdf readfile($tempFilename); } else { //offsite link header('Location: /download_policy.php'); exit(); } } else { //maybe an old file? Give them the homepage header('Location: /'); exit(); } } else { //hacking attempt header('Location: /'); exit(); } ?> </code></pre>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POShowing PDF's with blocking direct link (.htaccess)
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USAbsoluteƵERØ
UserOwnerUserId
1. USAbsoluteƵERØ
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POShowing PDF's with blocking direct link (.htaccess)
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.