diff options
| author | Jakub Narebski <jnareb@gmail.com> | 2006-09-26 01:59:43 +0200 |
|---|---|---|
| committer | Junio C Hamano <junkio@cox.net> | 2006-09-27 00:41:36 -0700 |
| commit | ab41dfbfd4f3f9fedac71550027e9813b11abe3d (patch) | |
| tree | 6a750670c1ddfb03570b85d87e3f1403708b477e /gitweb | |
| parent | f93bff8d4531d19938a9afbdc28b8d8f4dc97b32 (diff) | |
| download | git-ab41dfbfd4f3f9fedac71550027e9813b11abe3d.tar.gz git-ab41dfbfd4f3f9fedac71550027e9813b11abe3d.tar.xz | |
gitweb: Quote filename in HTTP Content-Disposition: header
Finish work started by commit a2f3db2 (although not documented
in commit message) of quoting using quotemeta the filename in
HTTP -content_disposition header.
Just in case filename contains end of line character.
Also use consistent coding style to compute -content_disposition
parameter.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
Diffstat (limited to 'gitweb')
| -rwxr-xr-x | gitweb/gitweb.perl | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 093ee604f..9349fa1cb 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -2320,7 +2320,7 @@ sub git_project_index { print $cgi->header( -type => 'text/plain', -charset => 'utf-8', - -content_disposition => qq(inline; filename="index.aux")); + -content_disposition => 'inline; filename="index.aux"'); foreach my $pr (@projects) { if (!exists $pr->{'owner'}) { @@ -2682,7 +2682,7 @@ sub git_blob_plain { print $cgi->header( -type => "$type", -expires=>$expires, - -content_disposition => "inline; filename=\"$save_as\""); + -content_disposition => 'inline; filename="' . quotemeta($save_as) . '"'); undef $/; binmode STDOUT, ':raw'; print <$fd>; @@ -2856,10 +2856,11 @@ sub git_snapshot { my $filename = basename($project) . "-$hash.tar.$suffix"; - print $cgi->header(-type => 'application/x-tar', - -content_encoding => $ctype, - -content_disposition => "inline; filename=\"$filename\"", - -status => '200 OK'); + print $cgi->header( + -type => 'application/x-tar', + -content_encoding => $ctype, + -content_disposition => 'inline; filename="' . quotemeta($filename) . '"', + -status => '200 OK'); my $git_command = git_cmd_str(); open my $fd, "-|", "$git_command tar-tree $hash \'$project\' | $command" or @@ -3169,7 +3170,7 @@ sub git_blobdiff { -type => 'text/plain', -charset => 'utf-8', -expires => $expires, - -content_disposition => qq(inline; filename=") . quotemeta($file_name) . qq(.patch")); + -content_disposition => 'inline; filename="' . quotemeta($file_name) . '.patch"'); print "X-Git-Url: " . $cgi->self_url() . "\n\n"; @@ -3272,7 +3273,7 @@ sub git_commitdiff { -type => 'text/plain', -charset => 'utf-8', -expires => $expires, - -content_disposition => qq(inline; filename="$filename")); + -content_disposition => 'inline; filename="' . quotemeta($filename) . '"'); my %ad = parse_date($co{'author_epoch'}, $co{'author_tz'}); print <<TEXT; From: $co{'author'} |