Commit 889d3425 authored by's avatar

Bug 275108 : Content-disposition header is incorrect, violates RFC

Patch by byron jones (glob) <> r=mkanat a=justdave
parent a037f115
......@@ -18,13 +18,13 @@
# Rights Reserved.
# Contributor(s): Bradley Baetz <>
# Byron Jones <>
use strict;
package Bugzilla::CGI;
use CGI qw(-no_xhtml -oldstyle_urls :private_tempfiles :unique_headers SERVER_PUSH);
use CGI::Util qw(rearrange);
use base qw(CGI);
......@@ -111,20 +111,34 @@ sub canonicalise_query {
return join("&", @parameters);
# Overwrite to handle nph parameter. This should stay here until perl 5.8.1 CGI
# has been fixed to support -nph as a parameter
# Overwrite to ensure nph doesn't get set, and unset HEADERS_ONCE
sub multipart_init {
my($self,@p) = @_;
my($boundary,$nph,@other) = rearrange(['BOUNDARY','NPH'],@p);
$boundary = $boundary || '------- =_aaaaaaaaaa0';
my $self = shift;
# Keys are case-insensitive, map to lowercase
my %args = @_;
my %param;
foreach my $key (keys %args) {
$param{lc $key} = $args{$key};
# Set the MIME boundary and content-type
my $boundary = $param{'-boundary'} || '------- =_aaaaaaaaaa0';
delete $param{'-boundary'};
$self->{'separator'} = "\r\n--$boundary\r\n";
$self->{'final_separator'} = "\r\n--$boundary--\r\n";
my $type = SERVER_PUSH($boundary);
$param{'-type'} = SERVER_PUSH($boundary);
# Note: up to v3.04 explicitly set nph to 0
# v3.05 explicitly sets nph to 1
#'s header() sets nph according to a param or $CGI::NPH, which
# is the desired behavour.
# Allow multiple calls to $cgi->header()
return $self->header(
-nph => 0,
-type => $type,
(map { split "=", $_, 2 } @other),
......@@ -145,29 +159,11 @@ sub header {
return $self->SUPER::header(@_) || "";
# We override the entirety of multipart_start instead of falling through to
# SUPER because the built-in one can't deal with cookies in any kind of sane
# way. This sub is gratuitously swiped from the real, but fixed so
# it actually works (but only as much as we need it to).
# Override multipart_start to ensure our cookies are added and avoid bad quoting of
# CGI's multipart_start (bug 275108)
sub multipart_start {
my($self,@p) = @_;
my($type,@other) = rearrange([['TYPE','CONTENT_TYPE','CONTENT-TYPE']],@p);
my $charset = $self->charset;
$type = $type || 'text/html';
$type .= "; charset=$charset" if $type ne '' and $type =~ m!^text/! and $type !~ /\bcharset\b/ and $charset ne '';
push(@header,"Content-Type: $type");
# Add the cookies in if we have any
if (scalar(@{$self->{Bugzilla_cookie_list}})) {
foreach my $cookie (@{$self->{Bugzilla_cookie_list}}) {
push @header, "Set-Cookie: $cookie";
my $header = join($CGI::CRLF,@header)."${CGI::CRLF}${CGI::CRLF}";
return $header;
my $self = shift;
return $self->header(@_);
# The various parts of Bugzilla which create cookies don't want to have to
......@@ -740,9 +740,13 @@ if ($::FORM{'debug'}) {
# Time to use server push to display an interim message to the user until
# the query completes and we can display the bug list.
my $disposition = '';
if ($serverpush) {
print $cgi->multipart_init(-content_disposition => "inline; filename=$filename");
$filename =~ s/\\/\\\\/g; # escape backslashes
$filename =~ s/"/\\"/g; # escape quotes
$disposition = qq#inline; filename="$filename"#;
print $cgi->multipart_init(-content_disposition => $disposition);
print $cgi->multipart_start();
# Generate and return the UI (HTML page) from the appropriate template.
......@@ -992,7 +996,7 @@ if ($format->{'extension'} eq "csv") {
if ($serverpush) {
# close the "please wait" page, then open the buglist page
print $cgi->multipart_end();
print $cgi->multipart_start(-type=>$contenttype);
print $cgi->multipart_start(-type => $contenttype, -content_disposition => $disposition);
} else {
# Suggest a name for the bug list if the user wants to save it as a file.
# If we are doing server push, then we did this already in the HTTP headers
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment