Creating file on the fly in php (Issue with extension)

Question

I'm creating a file on the fly in PHP containing plain text and then telling the browser to download it using the following code:

# Create the verification file and force-download it.
header("Content-type: text/plain");
header("Content-Disposition: attachment; filename='.ecf'"); #1
header("Pragma: no-cache");
header("Expires: 0");
echo "...";

As shown in the line designated with #1, I want the to-be-downloaded file to be named .ecf, but with my current code, when it is downloaded it's named ecf (without extension).

How can I tell PHP to save the file as .ecf instead of ecf?

---

Note: The issue I'm facing lies in the downloaded file not having an extension and not in trying to create and download a file on the fly, so please refrain from marking this question as a duplicate of the myriad existent questions regarding that.

---

Edit: As also pointed out in the comments, I tried escaping the dot, but then the downloaded file is named -.ecf.

Answer 1

This is a security restriction at the browser level. Files starting with a . - "dotfiles" - have special function on OSX and Linux (and are hidden by default), so allowing you to drop one in the user's Downloads folder could potentially allow malicious acts.

https://www.w3.org/TR/html5/links.html#downloading-resources

Otherwise, if named type is known to be potentially dangerous (e.g. it will be treated by the platform conventions as a native executable, shell script, HTML application, or executable-macro-capable document) then optionally alter filename to add a known-safe extension (e.g. ".txt").