Merge pull request #87 from danny6167/develop

Quote and escape Content-Disposition header
This commit is contained in:
Dane Everitt 2021-02-22 08:18:23 -08:00 committed by GitHub
commit 1e1549342f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 4 deletions

View File

@ -52,7 +52,7 @@ func getDownloadBackup(c *gin.Context) {
defer f.Close() defer f.Close()
c.Header("Content-Length", strconv.Itoa(int(st.Size()))) c.Header("Content-Length", strconv.Itoa(int(st.Size())))
c.Header("Content-Disposition", "attachment; filename="+st.Name()) c.Header("Content-Disposition", "attachment; filename="+strconv.Quote(st.Name()))
c.Header("Content-Type", "application/octet-stream") c.Header("Content-Type", "application/octet-stream")
bufio.NewReader(f).WriteTo(c.Writer) bufio.NewReader(f).WriteTo(c.Writer)
@ -96,7 +96,7 @@ func getDownloadFile(c *gin.Context) {
} }
c.Header("Content-Length", strconv.Itoa(int(st.Size()))) c.Header("Content-Length", strconv.Itoa(int(st.Size())))
c.Header("Content-Disposition", "attachment; filename="+st.Name()) c.Header("Content-Disposition", "attachment; filename="+strconv.Quote(st.Name()))
c.Header("Content-Type", "application/octet-stream") c.Header("Content-Type", "application/octet-stream")
bufio.NewReader(f).WriteTo(c.Writer) bufio.NewReader(f).WriteTo(c.Writer)

View File

@ -39,7 +39,7 @@ func getServerFileContents(c *gin.Context) {
// If a download parameter is included in the URL go ahead and attach the necessary headers // If a download parameter is included in the URL go ahead and attach the necessary headers
// so that the file can be downloaded. // so that the file can be downloaded.
if c.Query("download") != "" { if c.Query("download") != "" {
c.Header("Content-Disposition", "attachment; filename="+st.Name()) c.Header("Content-Disposition", "attachment; filename="+strconv.Quote(st.Name()))
c.Header("Content-Type", "application/octet-stream") c.Header("Content-Type", "application/octet-stream")
} }
defer c.Writer.Flush() defer c.Writer.Flush()

View File

@ -102,7 +102,7 @@ func getServerArchive(c *gin.Context) {
c.Header("X-Checksum", checksum) c.Header("X-Checksum", checksum)
c.Header("X-Mime-Type", st.Mimetype) c.Header("X-Mime-Type", st.Mimetype)
c.Header("Content-Length", strconv.Itoa(int(st.Size()))) c.Header("Content-Length", strconv.Itoa(int(st.Size())))
c.Header("Content-Disposition", "attachment; filename="+s.Archiver.Name()) c.Header("Content-Disposition", "attachment; filename="+strconv.Quote(s.Archiver.Name()))
c.Header("Content-Type", "application/octet-stream") c.Header("Content-Type", "application/octet-stream")
bufio.NewReader(file).WriteTo(c.Writer) bufio.NewReader(file).WriteTo(c.Writer)