summaryrefslogtreecommitdiff
path: root/lib/api/helpers.rb
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2019-02-04 17:27:22 -0800
committerStan Hu <stanhu@gmail.com>2019-02-04 23:12:44 -0800
commit41b51c065604091579a2308adc527fe5bb187abe (patch)
treea3730ea8e6310ec0012d801791576e2940ad3ec4 /lib/api/helpers.rb
parent4b07f22d93de1417ab7918ffd982e35526b50c6e (diff)
downloadgitlab-ce-41b51c065604091579a2308adc527fe5bb187abe.tar.gz
Encode Content-Disposition filenames
Users downloading non-ASCII attachments would see garbled characters. When used with object storage, AWS S3 would return an InvalidArgument error: Header value cannot be represented using ISO-8859-1. Per RFC 5987 and RFC 6266, Content-Disposition should be encoded properly. This commit takes the Rails 6 implementation of ActiveSuppport::Http::ContentDisposition (https://github.com/rails/rails/pull/33829) and ports it here. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/47673
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r--lib/api/helpers.rb10
1 files changed, 2 insertions, 8 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index fa6c9777824..e3d0b981065 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -422,7 +422,7 @@ module API
def present_disk_file!(path, filename, content_type = 'application/octet-stream')
filename ||= File.basename(path)
- header['Content-Disposition'] = "attachment; filename=#{filename}"
+ header['Content-Disposition'] = ::Gitlab::ContentDisposition.format(disposition: 'attachment', filename: filename)
header['Content-Transfer-Encoding'] = 'binary'
content_type content_type
@@ -496,7 +496,7 @@ module API
def send_git_blob(repository, blob)
env['api.format'] = :txt
content_type 'text/plain'
- header['Content-Disposition'] = content_disposition('inline', blob.name)
+ header['Content-Disposition'] = ::Gitlab::ContentDisposition.format(disposition: 'inline', filename: blob.name)
# Let Workhorse examine the content and determine the better content disposition
header[Gitlab::Workhorse::DETECT_HEADER] = "true"
@@ -533,11 +533,5 @@ module API
params[:archived]
end
-
- def content_disposition(disposition, filename)
- disposition += %(; filename=#{filename.inspect}) if filename.present?
-
- disposition
- end
end
end