(adsbygoogle = window.adsbygoogle || []).push({}); Well lately I've been seeing alot of websites with eLouai's download script, the problem
with this is the script allows you to view any file that the user running the webserver
service can view, This is called LFD (Local File Disclosure).

I've made a script that forces downloads but also checks them against a list of downloadable
files to see if a user is trying to exploit the downloader.

    <?php

ini_set('zlib.output_compression', 4096);



function forceDownload($file=null) {

if($file==""||!$file) return "Please specify file to download [ <b>https://{$_SERVER["SERVER_NAME"]}/download.php?file=<u>*filename*</u></b> ]";

$valid = strtolower($file);



switch($valid) {

case "downloadme.pdf": break;

default: return "File not available for download."; break;

}



if(!file_exists($file)) return "File not found, Please contact an administrator";

header("Pragma: public");

header("Expires: 0");

header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Cache-Control: private",false);

header("Content-Type: application/force-download");

header("Content-Disposition: attachment; filename=\"".basename($file)."\";" );

header("Content-Transfer-Encoding: binary");

header("Content-Length: ".filesize($file));

readfile($file);

}

///////////////////////Execute Download////////////////////

if(!isset($_GET["file"])) $f = ""; else $f = $_GET["file"];

echo forceDownload($f);

die();

?>