On Monday, August 15, 2011 6:09:00 AM UTC-4, peter wrote:
>
> If I have a url 
>
> .../default/my_download/abc.mp3?album=def&filename=ghi.mp3 
>
> Then it does correctly download  web2py/albums/def/ghi.mp3 
>
> The popup for the user says 'do you want to open or save "abc.mp3"'

 
I'm not sure web2py is doing anything to affect that -- I think it's 
probably the browser -- when it receives the audio stream, it assumes the 
name is the last part of the URL before the query string. You might be able 
to fix that by setting the Content-Disposition header
 
response.headers['Content-Disposition'] = 'inline; filename=%s' % request.vars.filename   # for streaming
 
response.headers['Content-Disposition'] = 'attachment; filename=%s' % request.vars.filename   # to force download as attachment
 
Note, be careful accepting arbitrary albums and filenames in your 
request.vars -- a malicious user could employ a directory traversal attack 
if you don't put some restrictions on allowed values for the album and 
filename values (web2py's upload/download functionality provides built-in 
protection against this kind of attack). For example, with your current 
my_downloads function, here is how someone could steal your 
parameters_8000.py file:
 
/default/my_downloads/abc.mp3?album=..&filename=parameters_8000.py
 
Anthony
 
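A worked example of the two points in the reply above (setting Content-Disposition and restricting the album/filename values so they cannot leave the albums directory). This is added illustration, not code from the original thread or from web2py itself: it simulates request.vars as a plain dict and response.headers as a returned dict so it runs stand-alone, and the function names resolve_download_path, content_disposition, my_download and demo, the base directory layout, and the sample files are all assumptions constructed for the example.

```python
import os
import re
import tempfile

# Allowed characters for an album or filename segment: no path separators,
# no NULs, no header-breaking characters. Assumed policy for this example.
SAFE_NAME = re.compile(r'^[A-Za-z0-9_.-]+$')


def resolve_download_path(base_dir, album, filename):
    """Return the absolute path of base_dir/album/filename, or None if the
    request is unsafe. Two independent checks are applied: a whitelist on
    each segment, then a realpath check that the result is still under base_dir."""
    for part in (album, filename):
        # request.vars may hold a list if a parameter is repeated; reject that too
        if not isinstance(part, str) or not SAFE_NAME.match(part) or part in ('.', '..'):
            return None
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, album, filename))
    # Second line of defence: even if the whitelist is loosened later, the
    # resolved path must remain inside the albums directory (symlinks included).
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def content_disposition(filename, as_attachment=False):
    """Build a Content-Disposition value. The filename is quoted and stripped
    of quote/CR/LF characters so a crafted value cannot add header parameters."""
    cleaned = filename.replace('"', '').replace('\r', '').replace('\n', '')
    disposition = 'attachment' if as_attachment else 'inline'
    return '%s; filename="%s"' % (disposition, cleaned)


def my_download(base_dir, vars, as_attachment=False):
    """Simulated controller action: returns (status, headers, body)."""
    path = resolve_download_path(base_dir, vars.get('album'), vars.get('filename'))
    if path is None:
        return 404, {}, b''
    with open(path, 'rb') as f:
        body = f.read()
    headers = {
        'Content-Disposition': content_disposition(os.path.basename(path), as_attachment)
    }
    return 200, headers, body


def demo():
    """Build a constructed albums directory plus a sensitive file next to it,
    then exercise a legitimate request and two traversal attempts."""
    root = tempfile.mkdtemp()
    albums = os.path.join(root, 'albums')
    os.makedirs(os.path.join(albums, 'def'))
    with open(os.path.join(albums, 'def', 'ghi.mp3'), 'wb') as f:
        f.write(b'ID3 constructed sample audio')
    # Constructed stand-in for a config file that must never be served
    with open(os.path.join(root, 'parameters_8000.py'), 'w') as f:
        f.write("password = 'constructed placeholder'\n")

    ok = my_download(albums, {'album': 'def', 'filename': 'ghi.mp3'})
    dotdot = my_download(albums, {'album': '..', 'filename': 'parameters_8000.py'})
    nested = my_download(albums, {'album': 'def/../..', 'filename': 'parameters_8000.py'})
    repeated = my_download(albums, {'album': ['def', '..'], 'filename': 'parameters_8000.py'})
    forced = my_download(albums, {'album': 'def', 'filename': 'ghi.mp3'}, as_attachment=True)
    return {
        'ok_status': ok[0],
        'ok_header': ok[1]['Content-Disposition'],
        'ok_body': ok[2],
        'dotdot_status': dotdot[0],
        'nested_status': nested[0],
        'repeated_status': repeated[0],
        'forced_header': forced[1]['Content-Disposition'],
    }


if __name__ == '__main__':
    for key, value in demo().items():
        print(key, value)
```

The whitelist alone would already stop the `album=..` case from the reply; the realpath check is kept as a separate layer so that relaxing the character policy later (for example to allow spaces in album names) does not silently reopen traversal. Quoting the filename in the header also keeps browsers from truncating names that contain spaces.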
