diff options
| author | justdave%syndicomm.com <> | 2004-02-04 09:52:20 +0000 |
|---|---|---|
| committer | justdave%syndicomm.com <> | 2004-02-04 09:52:20 +0000 |
| commit | 4831ddd26807c9868baec3645255e2b762547ac0 (patch) | |
| tree | 525c5dba5666765f20b4c11b0be3b1d629dc1b50 /attachment.cgi | |
| parent | 545a42a0c5479198e4400ff45afae4271e79d671 (diff) | |
| download | bugs-4831ddd26807c9868baec3645255e2b762547ac0.tar bugs-4831ddd26807c9868baec3645255e2b762547ac0.tar.gz bugs-4831ddd26807c9868baec3645255e2b762547ac0.tar.bz2 bugs-4831ddd26807c9868baec3645255e2b762547ac0.tar.xz bugs-4831ddd26807c9868baec3645255e2b762547ac0.zip | |
Bug 232993: Quote the filenames in the Content-disposition header when downloading attachments. This allows spaces to be used in filenames, and fixes compliance with RFCs 2183, 2045, and 822.
r= myk, a= justdave
Diffstat (limited to 'attachment.cgi')
| -rwxr-xr-x | attachment.cgi | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/attachment.cgi b/attachment.cgi index c61b999e0..fd9983841 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -480,8 +480,12 @@ sub view $filename =~ s/^.*[\/\\]//; my $filesize = length($thedata); + # escape quotes and backslashes in the filename, per RFCs 2045/822 + $filename =~ s/\\/\\\\/g; # escape backslashes + $filename =~ s/"/\\"/g; # escape quotes + print Bugzilla->cgi->header(-type=>"$contenttype; name=\"$filename\"", - -content_disposition=> "inline; filename=$filename", + -content_disposition=> "inline; filename=\"$filename\"", -content_length => $filesize); print $thedata; |