diff options
author | justdave%syndicomm.com <> | 2004-02-04 09:52:20 +0000 |
---|---|---|
committer | justdave%syndicomm.com <> | 2004-02-04 09:52:20 +0000 |
commit | 4831ddd26807c9868baec3645255e2b762547ac0 (patch) | |
tree | 525c5dba5666765f20b4c11b0be3b1d629dc1b50 /attachment.cgi | |
parent | Bug 232830 - use url_quote instead of html filtering to make sure we can dele... (diff) | |
download | bugzilla-4831ddd26807c9868baec3645255e2b762547ac0.tar.gz bugzilla-4831ddd26807c9868baec3645255e2b762547ac0.tar.bz2 bugzilla-4831ddd26807c9868baec3645255e2b762547ac0.zip |
Bug 232993: Quote the filenames in the Content-disposition header when downloading attachments. This allows spaces to be used in filenames, and fixes compliance with RFCs 2183, 2045, and 822.
r= myk, a= justdave
Diffstat (limited to 'attachment.cgi')
-rwxr-xr-x | attachment.cgi | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/attachment.cgi b/attachment.cgi index c61b999e0..fd9983841 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -480,8 +480,12 @@ sub view $filename =~ s/^.*[\/\\]//; my $filesize = length($thedata); + # escape quotes and backslashes in the filename, per RFCs 2045/822 + $filename =~ s/\\/\\\\/g; # escape backslashes + $filename =~ s/"/\\"/g; # escape quotes + print Bugzilla->cgi->header(-type=>"$contenttype; name=\"$filename\"", - -content_disposition=> "inline; filename=$filename", + -content_disposition=> "inline; filename=\"$filename\"", -content_length => $filesize); print $thedata; |