mirrors/homebox
1
0
Fork 0
mirror of https://github.com/sysadminsmedia/homebox.git synced 2025-12-21 13:23:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Escape file name for content-disposition.

Browse Source
This commit is contained in:
Matthew Kilgore
2025-06-30 20:55:11 -04:00
parent 1fd2f42282
commit 04c8e38ecf
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/app/api/handlers/v1/v1_ctrl_items_attachments.go
View File

@@ -3,6 +3,7 @@ package v1
import (
"errors"
"net/http"
"net/url"
"path/filepath"
"strconv"
"strings"
@@ -203,7 +204,9 @@ func (ctrl *V1Controller) handleItemAttachmentsHandler(w http.ResponseWriter, r
}
}(bucket)
w.Header().Set("Content-Disposition", "attachment; filename="+doc.Title)
// Set the Content-Disposition header for RFC6266 compliance
disposition := "attachment; filename*=UTF-8''" + url.QueryEscape(doc.Title)
w.Header().Set("Content-Disposition", disposition)
http.ServeContent(w, r, doc.Title, doc.CreatedAt, file)
return nil