escape quotation marks in Content-Disposition header

author: rinpatch <rinpatch@sdf.org> 2019-03-12 09:21:13 +0300
committer: rinpatch <rinpatch@sdf.org> 2019-03-12 09:21:13 +0300
commit: 92a69bddce10da92a6a418f08c134ebdd6217ca4 (patch)
tree: 550e6e7df2acdba0a6d6811ebe1336c5655bfbf8 /lib
parent: 5a73cae2be8e9b490ed4a610347998f1120740f0 (diff)
download: pleroma-92a69bddce10da92a6a418f08c134ebdd6217ca4.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/pleroma/plugs/uploaded_media.ex b/lib/pleroma/plugs/uploaded_media.ex
index 15f447ded..bc913f408 100644
--- a/lib/pleroma/plugs/uploaded_media.ex
+++ b/lib/pleroma/plugs/uploaded_media.ex
@@ -27,6 +27,8 @@ defmodule Pleroma.Plugs.UploadedMedia do
     conn =
       case fetch_query_params(conn) do
         %{query_params: %{"name" => name}} = conn ->
+          name = String.replace(name, "\"", "\\\"")
+
           conn
           |> put_resp_header("Content-Disposition", "filename=\"#{name}\"")
author	rinpatch <rinpatch@sdf.org>	2019-03-12 09:21:13 +0300
committer	rinpatch <rinpatch@sdf.org>	2019-03-12 09:21:13 +0300
commit	92a69bddce10da92a6a418f08c134ebdd6217ca4 (patch)
tree	550e6e7df2acdba0a6d6811ebe1336c5655bfbf8 /lib
parent	5a73cae2be8e9b490ed4a610347998f1120740f0 (diff)
download	pleroma-92a69bddce10da92a6a418f08c134ebdd6217ca4.tar.gz