[PATCH 5/5] gitweb: Quote filename in HTTP Content-Disposition: header

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jakub Narebski <jnareb@gmail.com>
To: git@vger.kernel.org
Cc: Petr Baudis <pasky@suse.cz>
Subject: [PATCH 5/5] gitweb: Quote filename in HTTP Content-Disposition: header
Date: Tue, 26 Sep 2006 01:59:43 +0200	[thread overview]
Message-ID: <200609260159.43684.jnareb@gmail.com> (raw)
In-Reply-To: <200609260153.08503.jnareb@gmail.com>

Finish work started by a2f3db2f5de2a3667b0e038aa65e3e097e642e7d commit
(although not documented in commit message) of quoting using quotemeta
the filename in HTTP -content_disposition header.  Uniquify output.

Just in case filename contains end of line character.

Signed-off-by: Jakub Narebski <jnareb@gmail.com>
---
 gitweb/gitweb.perl |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index b51e061..4dd7a5d 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -2326,7 +2326,7 @@ sub git_project_index {
 	print $cgi->header(
 		-type => 'text/plain',
 		-charset => 'utf-8',
-		-content_disposition => qq(inline; filename="index.aux"));
+		-content_disposition => 'inline; filename="index.aux"');
 
 	foreach my $pr (@projects) {
 		if (!exists $pr->{'owner'}) {
@@ -2672,7 +2672,7 @@ sub git_blob_plain {
 	print $cgi->header(
 		-type => "$type",
 		-expires=>$expires,
-		-content_disposition => "inline; filename=\"$save_as\"");
+		-content_disposition => 'inline; filename="' . quotemeta($save_as) . '"');
 	undef $/;
 	binmode STDOUT, ':raw';
 	print <$fd>;
@@ -2846,10 +2846,11 @@ sub git_snapshot {
 
 	my $filename = basename($project) . "-$hash.tar.$suffix";
 
-	print $cgi->header(-type => 'application/x-tar',
-	                   -content_encoding => $ctype,
-	                   -content_disposition => "inline; filename=\"$filename\"",
-	                   -status => '200 OK');
+	print $cgi->header(
+		-type => 'application/x-tar',
+		-content_encoding => $ctype,
+		-content_disposition => 'inline; filename="' . quotemeta($filename) . '"',
+		-status => '200 OK');
 
 	my $git_command = git_cmd_str();
 	open my $fd, "-|", "$git_command tar-tree $hash \'$project\' | $command" or
@@ -3159,7 +3160,7 @@ sub git_blobdiff {
 			-type => 'text/plain',
 			-charset => 'utf-8',
 			-expires => $expires,
-			-content_disposition => qq(inline; filename=") . quotemeta($file_name) . qq(.patch"));
+			-content_disposition => 'inline; filename="' . quotemeta($file_name) . '.patch"');
 
 		print "X-Git-Url: " . $cgi->self_url() . "\n\n";
 
@@ -3262,7 +3263,7 @@ sub git_commitdiff {
 			-type => 'text/plain',
 			-charset => 'utf-8',
 			-expires => $expires,
-			-content_disposition => qq(inline; filename="$filename"));
+			-content_disposition => 'inline; filename="' . quotemeta($filename) . '"');
 		my %ad = parse_date($co{'author_epoch'}, $co{'author_tz'});
 		print <<TEXT;
 From: $co{'author'}
-- 
1.4.2.1

next prev parent reply	other threads:[~2006-09-26  0:00 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-09-25 23:53 [PATCH 0/5] gitweb: A few code cleanup patches Jakub Narebski
2006-09-25 23:54 ` [PATCH 1/5] gitweb: Strip trailing slashes from $path in git_get_hash_by_path Jakub Narebski
2006-09-25 23:56 ` [PATCH 2/5] gitweb: Use "return" instead of "return undef" for some subs Jakub Narebski
2006-09-25 23:57 ` [PATCH 3/5] gitweb: Split validate_input into validate_pathname and validate_refname Jakub Narebski
2006-09-26  4:11   ` Junio C Hamano
2006-09-26  7:55     ` Jakub Narebski
2006-09-25 23:58 ` [PATCH 4/5] gitweb: Add git_url subroutine, and use it to quote full URLs Jakub Narebski
2006-09-25 23:59 ` Jakub Narebski [this message]
2006-09-26  4:11   ` [PATCH 5/5] gitweb: Quote filename in HTTP Content-Disposition: header Junio C Hamano
2006-09-26  7:51     ` Jakub Narebski

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b51e061 dfblob:4dd7a5d )
 OR (
bs:"[PATCH 5/5] gitweb: Quote filename in HTTP Content-Disposition: header" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200609260159.43684.jnareb@gmail.com \
    --to=jnareb@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=pasky@suse.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).