In particular, I have a form with some parameters to POST which submits to itself, but I would like to preserve the GET parameters when the form is submitted.
For example, if the original URL is http://mydomain.com/download.php?fname=foobar.bin, I want that to be the URL when I make the POST. But the foobar.bin part of the URL might change.
Here is a minimum working example
<?php
$pass = $_POST['pass'];
$filename = $_GET['p'];
$file = "../../cgi-secret/$filename";
if($pass == "foobar")
{
header('Content-type: application/octet-stream');
header("Content-Disposition: attachment; filename=\"$filename\"");
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
// The PDF source is in original.pdf
readfile($file);
}
if(isset($_POST))
{?>
<form method="POST" action="download.php?p=$file">
Password <input type="password" name="pass"></input>
<input type="submit" name="submit" value="Get File" ></input>
</form>
<?}
?>
On this line, I want to post to the current URL, whatever that happens to be
<form method="POST" action="download.php?p=$filename">
To give some context, I am trying to modify the answer to my question How can I password protect a binary file download? so that I can pass the filename as a GET parameter.
Have you seen $_SERVER['QUERY_STRING']? Short of looping the existing $_GET array when you render the form it's probably the most straightforward approach.
An example:
<form method="POST"
action="download.php?p=$filename&<?php echo $_SERVER['QUERY_STRING']; ?>">
In the case that you don't have access to $_SERVER['QUERY_STRING'], you could use:
<form method="POST"
action="download.php?p=$filename&<?php foreach($_GET as $key => $val) echo $key.'='.urlencode($val).'&'; ?>">