Koenig, давно делал, данные не фильтровал. Думаю, так лучше
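<?php
/**
 * Serves a code snippet posted in $_POST['code'] back to the browser as
 * plain text, optionally as a "code.txt" download when 'submit2' is posted.
 *
 * Security-relevant points:
 *  - The body is attacker-controlled text. What keeps it from being rendered
 *    as HTML is the text/plain content type, so the response also sends
 *    X-Content-Type-Options: nosniff to stop browsers from sniffing it.
 *  - htmlspecialchars() followed directly by html_entity_decode() cancels out
 *    for valid UTF-8 input; the pair is not a filter and must not be relied
 *    on as one if this output is ever embedded in an HTML page.
 */
define('_IN_JOHNCMS', 1);
$rootpath = '';
// NOTE(review): core.php is loaded from 'incfiles/' while head.php/end.php
// come from '../incfiles/' - confirm which prefix matches this script's location.
require('incfiles/core.php');

// Validate before touching the value: a missing field or an array
// (code[]=...) is rejected instead of reaching the string functions below.
$error = (!isset($_POST['code']) || !is_string($_POST['code']))
    ? $lng_forum['access_forbidden']
    : '';
if ($error) {
    require('../incfiles/head.php');
    echo '<div class="rmenu"><p>' . $error . '</p></div>';
    require('../incfiles/end.php');
    exit;
}

$code = '/* предосмотр кода с сайта ' . $home . ' */' . "\n";
$code .= htmlspecialchars($_POST['code']);
// Turns entities back into characters; together with the line above this
// leaves valid input unchanged (see the header comment).
$code = html_entity_decode(trim($code), ENT_QUOTES, 'UTF-8');
// Double quotes so that a real line break is inserted; the single-quoted
// '\n' used before wrote a literal backslash and "n" into the output.
$code = str_replace('<br />', "\n", $code);

if (isset($_POST['submit2'])) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 200 OK');
    // Replaced by the text/plain Content-Type sent below (header() overwrites
    // a header of the same name by default); the attachment disposition stays.
    header('Content-Type: application/force-download');
    header('Content-Description: inline; File Transfer');
    header('Content-Disposition: attachment; filename="code.txt";', false);
}
header('Content-Type: text/plain;charset=UTF-8');
// Prevent MIME sniffing from reinterpreting user-supplied text as HTML/script.
header('X-Content-Type-Options: nosniff');
header('Content-Transfer-Encoding: binary');
// Content-Length is a byte count; counting characters truncates any body
// containing multi-byte UTF-8. '8bit' measures bytes even if mbstring
// function overloading is enabled.
header('Content-Length: ' . mb_strlen($code, '8bit'));
print($code);
exit;
?>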