Jakub Narebski <jnareb@xxxxxxxxx> writes:
> But you forget that in HTTP headers, to be more exact in
> Content-Disposition: inline; filename="<filename>"
> header, the quote '"' and end-of-line '\n' characters in <filename>
> are treated specially. So you need to quote somehow at least those
> two characters.
True, but untrue. This is just a suggestion so we do not _have_
to quote. We only need to avoid spitting out dq and lf
literally. We could even just do something like the attached if
we wanted to:
s/[^ -~]+/?/g ;# replace each sequence of bytes outside
# ' ' to '~' range to a '?'
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 44991b1..e7202ee 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -2651,7 +2651,7 @@ sub git_blob_plain {
# save as filename, even when no $file_name is given
my $save_as = "$hash";
if (defined $file_name) {
- $save_as = $file_name;
+ ($save_as = $file_name) =~ s/[^ -~]+/?/g;
} elsif ($type =~ m/^text\//) {
$save_as .= '.txt';
}
@@ -2830,6 +2830,7 @@ sub git_snapshot {
}
my $filename = basename($project) . "-$hash.tar.$suffix";
+ $filename =~ s/[^ -~]+/?/g;
print $cgi->header(
-type => 'application/x-tar',
@@ -3139,6 +3140,7 @@ sub git_blobdiff {
}
} elsif ($format eq 'plain') {
+ $file_name =~ s/[^ -~]+/?/g;
print $cgi->header(
-type => 'text/plain',
-charset => 'utf-8',
@@ -3241,6 +3243,7 @@ sub git_commitdiff {
my $refs = git_get_references("tags");
my $tagname = git_get_rev_name_tags($hash);
my $filename = basename($project) . "-$hash.patch";
+ $filename =~ s/[^ -~]+/?/g;
print $cgi->header(
-type => 'text/plain',
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html