aboutsummaryrefslogtreecommitdiff
path: root/mediaapi/routing/download.go
diff options
context:
space:
mode:
authorNeil Alexander <neilalexander@users.noreply.github.com>2020-06-16 18:31:38 +0100
committerGitHub <noreply@github.com>2020-06-16 18:31:38 +0100
commit04c99092a46b2ad0b90645bf6553360b5f1b7da7 (patch)
tree0ce1380949c6c224a6f872b303d9e4767e5a2c31 /mediaapi/routing/download.go
parente15a8042a19b270060beef1358f90cda075ddd38 (diff)
Update whitelist for sytest media fix (#1137)
* Update sytest-whitelist, are-we-synapse-yet.list * Update gomatrixserverlib * Update gomatrixserverlib * Loop avoidance * Return UTF-8 filenames * Replace quotes only, instead of using strconv.Quote * Update sytest-whitelist * Update sytest-whitelist
Diffstat (limited to 'mediaapi/routing/download.go')
-rw-r--r--mediaapi/routing/download.go10
1 files changed, 9 insertions, 1 deletions
diff --git a/mediaapi/routing/download.go b/mediaapi/routing/download.go
index 1a025f6f..3ce4ba39 100644
--- a/mediaapi/routing/download.go
+++ b/mediaapi/routing/download.go
@@ -21,6 +21,7 @@ import (
"io"
"mime"
"net/http"
+ "net/url"
"os"
"path/filepath"
"regexp"
@@ -302,7 +303,14 @@ func (r *downloadRequest) respondFromLocalFile(
responseMetadata = r.MediaMetadata
if len(responseMetadata.UploadName) > 0 {
- w.Header().Set("Content-Disposition", fmt.Sprintf(`inline; filename*=utf-8"%s"`, responseMetadata.UploadName))
+ uploadName, err := url.PathUnescape(string(responseMetadata.UploadName))
+ if err != nil {
+ return nil, fmt.Errorf("url.PathUnescape: %w", err)
+ }
+ w.Header().Set("Content-Disposition", fmt.Sprintf(
+ `inline; filename=utf-8"%s"`,
+ strings.ReplaceAll(uploadName, `"`, `\"`), // escape quote marks only, as per RFC6266
+ ))
}
}