author | Stan Hu <stanhu@gmail.com> | 2019-02-05 04:27:22 +0300 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-02-05 10:12:44 +0300 |
commit | 41b51c065604091579a2308adc527fe5bb187abe (patch) | |
tree | a3730ea8e6310ec0012d801791576e2940ad3ec4 /lib/gitlab/content_disposition.rb | |
parent | 4b07f22d93de1417ab7918ffd982e35526b50c6e (diff) |
Encode Content-Disposition filenames
Users downloading non-ASCII attachments would see garbled characters.
When used with object storage, AWS S3 would return an InvalidArgument
error: Header value cannot be represented using ISO-8859-1.
Per RFC 5987 and RFC 6266, Content-Disposition should be encoded
properly. This commit takes the Rails 6 implementation of
ActiveSupport::Http::ContentDisposition
(https://github.com/rails/rails/pull/33829) and ports it here.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/47673
Diffstat (limited to 'lib/gitlab/content_disposition.rb')
-rw-r--r-- | lib/gitlab/content_disposition.rb | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/lib/gitlab/content_disposition.rb b/lib/gitlab/content_disposition.rb new file mode 100644 index 00000000000..96ead8a9fbf --- /dev/null +++ b/lib/gitlab/content_disposition.rb @@ -0,0 +1,47 @@ +# frozen_string_literal: true +# This ports ActionDispatch::Http::ContentDisposition (https://github.com/rails/rails/pull/33829, +# which will be available in Rails 6. +module Gitlab + class ContentDisposition # :nodoc: + def self.format(disposition:, filename:) + new(disposition: disposition, filename: filename).to_s + end + + attr_reader :disposition, :filename + + def initialize(disposition:, filename:) + @disposition = disposition + @filename = filename + end + + # rubocop:disable Style/VariableInterpolation + TRADITIONAL_ESCAPED_CHAR = /[^ A-Za-z0-9!#$+.^_`|~-]/ + + def ascii_filename + 'filename="' + percent_escape(::I18n.transliterate(filename), TRADITIONAL_ESCAPED_CHAR) + '"' + end + + RFC_5987_ESCAPED_CHAR = /[^A-Za-z0-9!#$&+.^_`|~-]/ + # rubocop:enable Style/VariableInterpolation + + def utf8_filename + "filename*=UTF-8''" + percent_escape(filename, RFC_5987_ESCAPED_CHAR) + end + + def to_s + if filename + "#{disposition}; #{ascii_filename}; #{utf8_filename}" + else + "#{disposition}" + end + end + + private + + def percent_escape(string, pattern) + string.gsub(pattern) do |char| + char.bytes.map { |byte| "%%%02X" % byte }.join + end + end + end +end |
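Review bot: In `to_s`, `disposition` is interpolated into the header value as-is, while `filename` goes through `percent_escape` against an allow-list. Any value a caller passes as `disposition`, including one containing `;` or line breaks, reaches the header unchanged. Consider validating it in `initialize` against the values the application actually uses (for example `inline` and `attachment`) and raising otherwise. Two smaller points: `if filename` is true for an empty string in Ruby, so `filename: ""` produces `filename=""; filename*=UTF-8''` rather than the bare disposition, and a blank check may be what is intended; and the header comment opens a parenthesis before the pull-request URL that is never closed. The else branch `"#{disposition}"` can simply be `disposition.to_s`.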