Merge pull request #87 from danny6167/develop

Quote and escape Content-Disposition header

router/router_download.go

@@ -52,7 +52,7 @@ func getDownloadBackup(c *gin.Context) {
 	defer f.Close()
 
 	c.Header("Content-Length", strconv.Itoa(int(st.Size())))
-	c.Header("Content-Disposition", "attachment; filename="+st.Name())
+	c.Header("Content-Disposition", "attachment; filename="+strconv.Quote(st.Name()))
 	c.Header("Content-Type", "application/octet-stream")
 
 	bufio.NewReader(f).WriteTo(c.Writer)
@@ -96,7 +96,7 @@ func getDownloadFile(c *gin.Context) {
 	}
 
 	c.Header("Content-Length", strconv.Itoa(int(st.Size())))
-	c.Header("Content-Disposition", "attachment; filename="+st.Name())
+	c.Header("Content-Disposition", "attachment; filename="+strconv.Quote(st.Name()))
 	c.Header("Content-Type", "application/octet-stream")
 
 	bufio.NewReader(f).WriteTo(c.Writer)

router/router_server_files.go

@@ -39,7 +39,7 @@ func getServerFileContents(c *gin.Context) {
 	// If a download parameter is included in the URL go ahead and attach the necessary headers
 	// so that the file can be downloaded.
 	if c.Query("download") != "" {
-		c.Header("Content-Disposition", "attachment; filename="+st.Name())
+		c.Header("Content-Disposition", "attachment; filename="+strconv.Quote(st.Name()))
 		c.Header("Content-Type", "application/octet-stream")
 	}
 	defer c.Writer.Flush()

router/router_transfer.go

@@ -102,7 +102,7 @@ func getServerArchive(c *gin.Context) {
 	c.Header("X-Checksum", checksum)
 	c.Header("X-Mime-Type", st.Mimetype)
 	c.Header("Content-Length", strconv.Itoa(int(st.Size())))
-	c.Header("Content-Disposition", "attachment; filename="+s.Archiver.Name())
+	c.Header("Content-Disposition", "attachment; filename="+strconv.Quote(s.Archiver.Name()))
 	c.Header("Content-Type", "application/octet-stream")
 
 	bufio.NewReader(file).WriteTo(c.Writer)