Bug 232993: Quote the filenames in the Content-disposition header when downloading...

r= myk, a= justdave

diff --git a/attachment.cgi b/attachment.cgi
index c61b999e0bb0522a7042182a95beb0f969b652eb..fd9983841f75e1c0b97b79de834497a2fdcdcf38 100755 (executable)
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -480,8 +480,12 @@ sub view
     $filename =~ s/^.*[\/\\]//;
     my $filesize = length($thedata);
 
+    # escape quotes and backslashes in the filename, per RFCs 2045/822
+    $filename =~ s/\\/\\\\/g; # escape backslashes
+    $filename =~ s/"/\\"/g; # escape quotes
+
     print Bugzilla->cgi->header(-type=>"$contenttype; name=\"$filename\"",
-                                -content_disposition=> "inline; filename=$filename",
+                                -content_disposition=> "inline; filename=\"$filename\"",
                                 -content_length => $filesize);
 
     print $thedata;