MOON
Server: Apache
System: Linux e2e-78-16.ssdcloudindia.net 3.10.0-1160.45.1.el7.x86_64 #1 SMP Wed Oct 13 17:20:51 UTC 2021 x86_64
User: imensosw (1005)
PHP: 8.0.30
Disabled: exec,passthru,shell_exec,system
File: /home/imensosw/demo.imensosoftware.com/matrix/download_excel.php
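<?php
/**
 * Bundle the spreadsheets for the requested document ids into one zip and
 * stream it to the client as a download.
 *
 * Input:  $_POST['list'][0] - comma-separated document ids.
 * Layout: docs/<id>/<id>.xls or docs/<id>/<id>.xlsx, relative to this script.
 * Output: an application/zip attachment named assignments_<timestamp>.zip.
 *         An empty request ends silently; a request that matches no
 *         document gets a 404 instead of an empty response.
 */

// Keep diagnostics out of the response body so they cannot corrupt the binary
// download. Unlike error_reporting(0), this leaves server-side error logging
// under the control of the PHP configuration.
ini_set('display_errors', '0');

require_once 'config.php';
require 'vendor/autoload.php';

// NOTE(review): no authentication or authorization check is visible in this
// script. Unless config.php enforces one, any client that can reach this URL
// can fetch every spreadsheet under docs/ whose id it can guess - confirm.

$docNoRaw = $_POST['list'][0] ?? '';

// list[0] can arrive as a nested array (list[0][]=x); explode() would throw a
// TypeError on that, so anything that is not a non-empty string is treated as
// "nothing requested".
if (!is_string($docNoRaw) || $docNoRaw === '') {
	return;
}

if (!extension_loaded('zip')) {
	http_response_code(500);
	exit('Zip support is not available');
}

$docsRoot     = __DIR__ . '/docs/';
$downloadName = 'assignments_' . date('Y-m-d_H-i-s') . '.zip';

// Build the archive in a uniquely named temp file rather than a
// timestamp-named file in the working directory: two requests in the same
// second would otherwise share (and delete) one archive, and while it exists
// the archive could be served directly if that directory is under the web root.
$zipPath = tempnam(sys_get_temp_dir(), 'assignments_');
if ($zipPath === false) {
	http_response_code(500);
	exit('Failed to create zip');
}

// Shutdown functions also run when the client aborts the transfer, so the
// temp archive is removed on every exit path.
register_shutdown_function(static function () use ($zipPath): void {
	if (is_file($zipPath)) {
		unlink($zipPath);
	}
});

$zip = new ZipArchive();

// OVERWRITE because tempnam() has already created an empty file at this path.
if ($zip->open($zipPath, ZipArchive::OVERWRITE) !== true) {
	http_response_code(500);
	exit('Failed to create zip');
}

// NOTE(review): the number of ids per request is unbounded; consider a cap if
// this endpoint is reachable by untrusted clients.
$added = 0;

foreach (explode(',', $docNoRaw) as $candidate) {
	// Allowlist of [A-Za-z0-9_-]: with dots and slashes stripped the id
	// cannot leave docs/. preg_replace() returns null on failure, hence
	// the cast.
	$docId = (string) preg_replace('/[^a-zA-Z0-9_-]/', '', $candidate);

	// Compare against '' rather than empty() so an id of "0" is not dropped.
	if ($docId === '') {
		continue;
	}

	$docDir = $docsRoot . $docId . '/';

	// Prefer .xls over .xlsx; ids with neither file are skipped.
	foreach (['xls', 'xlsx'] as $ext) {
		$candidatePath = $docDir . $docId . '.' . $ext;

		if (is_file($candidatePath)) {
			if ($zip->addFile($candidatePath, $docId . '.' . $ext)) {
				$added++;
			}
			break;
		}
	}
}

if (!$zip->close()) {
	http_response_code(500);
	exit('Failed to create zip');
}

// Nothing was added, or no archive exists on disk after closing: report it
// instead of returning an empty 200 response.
if ($added === 0 || !is_file($zipPath)) {
	http_response_code(404);
	exit('No matching documents found');
}

// Discard anything already buffered (for example by the included files) so
// the response contains only the archive bytes.
while (ob_get_level() > 0) {
	ob_end_clean();
}

header('Content-Type: application/zip');
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
header('Content-Length: ' . filesize($zipPath));

readfile($zipPath);
exit;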