escape quotation marks in Content-Disposition header

diff --git a/lib/pleroma/plugs/uploaded_media.ex b/lib/pleroma/plugs/uploaded_media.ex
index 15f447ded319d97767592f0ffb17b999d40b1fac..bc913f4087e8ddc61ca74ed4b0f4a15c0b2fa48f 100644 (file)
--- a/lib/pleroma/plugs/uploaded_media.ex
+++ b/lib/pleroma/plugs/uploaded_media.ex
@@ -27,6 +27,8 @@ defmodule Pleroma.Plugs.UploadedMedia do
     conn =
       case fetch_query_params(conn) do
         %{query_params: %{"name" => name}} = conn ->
+          name = String.replace(name, "\"", "\\\"")
+
           conn
           |> put_resp_header("Content-Disposition", "filename=\"#{name}\"")