escape quotation marks in Content-Disposition header

This commit is contained in:
rinpatch 2019-03-12 09:21:13 +03:00
parent 5a73cae2be
commit 92a69bddce

View File

@ -27,6 +27,8 @@ defmodule Pleroma.Plugs.UploadedMedia do
conn = conn =
case fetch_query_params(conn) do case fetch_query_params(conn) do
%{query_params: %{"name" => name}} = conn -> %{query_params: %{"name" => name}} = conn ->
name = String.replace(name, "\"", "\\\"")
conn conn
|> put_resp_header("Content-Disposition", "filename=\"#{name}\"") |> put_resp_header("Content-Disposition", "filename=\"#{name}\"")