From: justdave%syndicomm.com <>
Date: Wed, 4 Feb 2004 09:52:20 +0000 (+0000)
Subject: Bug 232993: Quote the filenames in the Content-disposition header when downloading... 
X-Git-Tag: bugzilla-2.17.7~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4831ddd26807c9868baec3645255e2b762547ac0;p=thirdparty%2Fbugzilla.git

Bug 232993: Quote the filenames in the Content-disposition header when downloading attachments.  This allows spaces to be used in filenames, and fixes compliance with RFCs 2183, 2045, and 822.
r= myk, a= justdave
---

diff --git a/attachment.cgi b/attachment.cgi
index c61b999e0b..fd9983841f 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -480,8 +480,12 @@ sub view
     $filename =~ s/^.*[\/\\]//;
     my $filesize = length($thedata);
 
+    # escape quotes and backslashes in the filename, per RFCs 2045/822
+    $filename =~ s/\\/\\\\/g; # escape backslashes
+    $filename =~ s/"/\\"/g; # escape quotes
+
     print Bugzilla->cgi->header(-type=>"$contenttype; name=\"$filename\"",
-                                -content_disposition=> "inline; filename=$filename",
+                                -content_disposition=> "inline; filename=\"$filename\"",
                                 -content_length => $filesize);
 
     print $thedata;