projects
/
akkoma
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
add selection UI
[akkoma]
/
lib
/
pleroma
/
web
/
plugs
/
uploaded_media.ex
diff --git
a/lib/pleroma/web/plugs/uploaded_media.ex
b/lib/pleroma/web/plugs/uploaded_media.ex
index 7b87d8f178defd9515ed9421aa68e0b753730633..72f20e8de16a332c5efda0ae8c9cbe59340c49a8 100644
(file)
--- a/
lib/pleroma/web/plugs/uploaded_media.ex
+++ b/
lib/pleroma/web/plugs/uploaded_media.ex
@@
-35,7
+35,7
@@
defmodule Pleroma.Web.Plugs.UploadedMedia do
conn =
case fetch_query_params(conn) do
%{query_params: %{"name" => name}} = conn ->
conn =
case fetch_query_params(conn) do
%{query_params: %{"name" => name}} = conn ->
- name =
String.replace(name, "\"", "\\\""
)
+ name =
escape_header_value(name
)
put_resp_header(conn, "content-disposition", "filename=\"#{name}\"")
put_resp_header(conn, "content-disposition", "filename=\"#{name}\"")
@@
-98,4
+98,11
@@
defmodule Pleroma.Web.Plugs.UploadedMedia do
|> send_resp(:internal_server_error, dgettext("errors", "Internal Error"))
|> halt()
end
|> send_resp(:internal_server_error, dgettext("errors", "Internal Error"))
|> halt()
end
+
+ defp escape_header_value(value) do
+ value
+ |> String.replace("\"", "\\\"")
+ |> String.replace("\\r", "")
+ |> String.replace("\\n", "")
+ end
end
end