Software `/` code `/` prosody

Comparison

plugins/mod_http_file_share.lua @ 12227:88958c0ecab3

mod_http_file_share: Use alternate syntax for filename in Content-Disposition The Lua string.format %q doesn't behave correctly for all characters that should be escaped in a quoted-string. And who knows what effects higher Unicode might have here. Applying percent-encoding of filenames seems like the safest way to deal with filenames, as well as being easier than implementing the actual quoted-string transform, which seems complicated and I'm not even sure it covers every possible character. Filenames can safely be assumed to be UTF-8 since they are passed in an attribute in the query without any escaping.

author	Kim Alvefur <zash@zash.se>
date	Sat, 29 Jan 2022 16:11:38 +0100
parent	12179:5e68635cdc2c
child	12444:b33558969b3e

comparison

equal deleted inserted replaced

-:7db81c9cbbbf
+:88958c0ecab3
 local url = require "socket.url";
 local dm = require "core.storagemanager".olddm;
 local jwt = require "util.jwt";
 local errors = require "util.error";
 local dataform = require "util.dataforms".new;
+local urlencode = require "util.http".urlencode;
 local dt = require "util.datetime";
 local hi = require "util.human.units";
 local cache = require "util.cache";
 local lfs = require "lfs";
 	end
 	response.headers.last_modified = last_modified;
 	response.headers.content_length = filesize;
 	response.headers.content_type = filetype;
-	response.headers.content_disposition = string.format("%s; filename=%q", disposition, basename);
+	response.headers.content_disposition = string.format("%s; filename*=UTF-8''%s", disposition, urlencode(basename));
 	if response_range then
 		response.status_code = 206;
 		response.headers.content_range = response_range;
 	end

prosody

88958c0ecab3

plugins/mod_http_file_share.lua

Software / code / prosody

Comparison

plugins/mod_http_file_share.lua @ 12227:88958c0ecab3

Software `/` code `/` prosody