Bug 232993: Quote the filenames in the Content-disposition header when…

Bug 232993: Quote the filenames in the Content-disposition header when downloading attachments. This allows spaces to be used in filenames, and fixes compliance with RFCs 2183, 2045, and 822. r= myk, a= justdave

Bug 232993: Quote the filenames in the Content-disposition header when…
4831ddd2 · justdave%syndicomm.com · 545a42a0 · 4831ddd2
Commit 4831ddd2 authored Feb 04, 2004 by justdave%syndicomm.com
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

attachment.cgi attachment.cgi +5 -1

No files found.
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -480,8 +480,12 @@ sub view
    $filename =~ s/^.*[\/\\]//;
    my $filesize = length($thedata);

+    # escape quotes and backslashes in the filename, per RFCs 2045/822
+    $filename =~ s/\\/\\\\/g; # escape backslashes
+    $filename =~ s/"/\\"/g; # escape quotes
+
    print Bugzilla->cgi->header(-type=>"$contenttype; name=\"$filename\"",
-                                -content_disposition=> "inline; filename=$filename",
+                                -content_disposition=> "inline; filename=\"$filename\"",
                                -content_length => $filesize);

    print $thedata;