mirror of
https://github.com/1f349/dendrite.git
synced 2024-12-22 08:14:13 +00:00
Fix unsafe hotserving behaviour for multimedia uploads. (#3113)
Return multimedia with a disposition type of attachment instead of inline. NVT#1548992 Signed-off-by: Josh Qou [jqou@icloud.com](mailto:jqou@icloud.com) Co-authored-by: Jon <haddock.05.roast@icloud.com>
This commit is contained in:
parent
8cf6c381e2
commit
420e7ec81f
@ -341,6 +341,7 @@ func (r *downloadRequest) addDownloadFilenameToHeaders(
|
||||
}
|
||||
|
||||
if len(filename) == 0 {
|
||||
w.Header().Set("Content-Disposition", "attachment")
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -376,13 +377,13 @@ func (r *downloadRequest) addDownloadFilenameToHeaders(
|
||||
// that would otherwise be parsed as a control character in the
|
||||
// Content-Disposition header
|
||||
w.Header().Set("Content-Disposition", fmt.Sprintf(
|
||||
`inline; filename=%s%s%s`,
|
||||
`attachment; filename=%s%s%s`,
|
||||
quote, unescaped, quote,
|
||||
))
|
||||
} else {
|
||||
// For UTF-8 filenames, we quote always, as that's the standard
|
||||
w.Header().Set("Content-Disposition", fmt.Sprintf(
|
||||
`inline; filename*=utf-8''%s`,
|
||||
`attachment; filename*=utf-8''%s`,
|
||||
url.QueryEscape(unescaped),
|
||||
))
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user