diff options
author | Neil Alexander <neilalexander@users.noreply.github.com> | 2020-06-16 18:31:38 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-16 18:31:38 +0100 |
commit | 04c99092a46b2ad0b90645bf6553360b5f1b7da7 (patch) | |
tree | 0ce1380949c6c224a6f872b303d9e4767e5a2c31 /mediaapi/routing/download.go | |
parent | e15a8042a19b270060beef1358f90cda075ddd38 (diff) |
Update whitelist for sytest media fix (#1137)
* Update sytest-whitelist, are-we-synapse-yet.list
* Update gomatrixserverlib
* Update gomatrixserverlib
* Loop avoidance
* Return UTF-8 filenames
* Replace quotes only, instead of using strconv.Quote
* Update sytest-whitelist
* Update sytest-whitelist
Diffstat (limited to 'mediaapi/routing/download.go')
-rw-r--r-- | mediaapi/routing/download.go | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/mediaapi/routing/download.go b/mediaapi/routing/download.go index 1a025f6f..3ce4ba39 100644 --- a/mediaapi/routing/download.go +++ b/mediaapi/routing/download.go @@ -21,6 +21,7 @@ import ( "io" "mime" "net/http" + "net/url" "os" "path/filepath" "regexp" @@ -302,7 +303,14 @@ func (r *downloadRequest) respondFromLocalFile( responseMetadata = r.MediaMetadata if len(responseMetadata.UploadName) > 0 { - w.Header().Set("Content-Disposition", fmt.Sprintf(`inline; filename*=utf-8"%s"`, responseMetadata.UploadName)) + uploadName, err := url.PathUnescape(string(responseMetadata.UploadName)) + if err != nil { + return nil, fmt.Errorf("url.PathUnescape: %w", err) + } + w.Header().Set("Content-Disposition", fmt.Sprintf( + `inline; filename=utf-8"%s"`, + strings.ReplaceAll(uploadName, `"`, `\"`), // escape quote marks only, as per RFC6266 + )) } } |