mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-21 05:43:09 -06:00
Code Issues Packages Projects Releases Wiki Activity

Some more comments

Browse source
This commit is contained in:
Neil Alexander 2020-06-17 11:28:35 +01:00
parent 78b127d016
commit 4aca37f55a
1 changed files with 44 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
mediaapi/routing/download.go
View file

@ -336,7 +336,10 @@ func (r *downloadRequest) addDownloadFilenameToHeaders(
filename = r.DownloadFilename filename = r.DownloadFilename
} }
if len(filename) > 0 { if len(filename) == 0 {
return nil
}
unescaped, err := url.PathUnescape(filename) unescaped, err := url.PathUnescape(filename)
if err != nil { if err != nil {
return fmt.Errorf("url.PathUnescape: %w", err) return fmt.Errorf("url.PathUnescape: %w", err)
@ -355,6 +358,11 @@ func (r *downloadRequest) addDownloadFilenameToHeaders(
} }
} }
// We don't necessarily want a full escape as the Content-Disposition
// can take many of the characters that PathEscape would otherwise and
// browser support for encoding is a bit wild, so we'll escape only
// the characters that we know will mess up the parsing of the
// Content-Disposition header elements themselves
unescaped = strings.ReplaceAll(unescaped, `\`, `\\"`) unescaped = strings.ReplaceAll(unescaped, `\`, `\\"`)
unescaped = strings.ReplaceAll(unescaped, `"`, `\"`) unescaped = strings.ReplaceAll(unescaped, `"`, `\"`)
@ -374,7 +382,7 @@ func (r *downloadRequest) addDownloadFilenameToHeaders(
unescaped, unescaped,
)) ))
} }
}
return nil return nil
} }