From: rinpatch <rinpatch@sdf.org>
Date: Tue, 12 Mar 2019 06:21:13 +0000 (+0300)
Subject: escape quotation marks in Content-Disposition header
X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=92a69bddce10da92a6a418f08c134ebdd6217ca4;p=akkoma

escape quotation marks in Content-Disposition header
---

diff --git a/lib/pleroma/plugs/uploaded_media.ex b/lib/pleroma/plugs/uploaded_media.ex
index 15f447ded..bc913f408 100644
--- a/lib/pleroma/plugs/uploaded_media.ex
+++ b/lib/pleroma/plugs/uploaded_media.ex
@@ -27,6 +27,8 @@ defmodule Pleroma.Plugs.UploadedMedia do
     conn =
       case fetch_query_params(conn) do
         %{query_params: %{"name" => name}} = conn ->
+          name = String.replace(name, "\"", "\\\"")
+
           conn
           |> put_resp_header("Content-Disposition", "filename=\"#{name}\"")