download.go: Fix unsafe disposition type in media api

Josh Qou 2023-06-15 12:57:02 +01:00
parent 8cf6c381e2
commit c9d83b5ae6
No known key found for this signature in database
GPG key ID: DABDEE1EE0D16FED


@ -341,6 +341,7 @@ func (r *downloadRequest) addDownloadFilenameToHeaders(
}
if len(filename) == 0 {
w.Header().Set("Content-Disposition", "attachment")
return nil
}
@ -376,13 +377,13 @@ func (r *downloadRequest) addDownloadFilenameToHeaders(
// that would otherwise be parsed as a control character in the
// Content-Disposition header
w.Header().Set("Content-Disposition", fmt.Sprintf(
`inline; filename=%s%s%s`,
`attachment; filename=%s%s%s`,
quote, unescaped, quote,
))
} else {
// For UTF-8 filenames, we quote always, as that's the standard
w.Header().Set("Content-Disposition", fmt.Sprintf(
`inline; filename*=utf-8''%s`,
`attachment; filename*=utf-8''%s`,
url.QueryEscape(unescaped),
))
}
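Review bot: In the UTF-8 branch the `filename*` value is still built with `url.QueryEscape(unescaped)`, which encodes a space as `+`; in the RFC 5987 extended-value syntax `+` is a literal plus sign, so a filename containing spaces would be saved with plus signs in it. The switch to `attachment` leaves that encoding as it was. Percent-encoding the space keeps the value conformant: `strings.ReplaceAll(url.QueryEscape(unescaped), "+", "%20"),` (this needs `strings` in the file's imports, which are not visible here). The comment above that call says the filename is always quoted, but this form is percent-encoded rather than quoted, so `// UTF-8 filenames use the RFC 5987 filename* form, percent-encoded rather than quoted` would be more accurate. addDownloadFilenameToHeaders starts and ends outside the hunks shown.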