Skip to content

Commit

Permalink
gitweb: Quote filename in HTTP Content-Disposition: header
Browse files Browse the repository at this point in the history 
Finish work started by commit a2f3db2 (although not documented
in commit message) of quoting using quotemeta the filename in
HTTP -content_disposition header.

Just in case filename contains end of line character.

Also use consistent coding style to compute -content_disposition
parameter.

Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
  • Loading branch information
Jakub Narebski authored and Junio C Hamano committed Sep 27, 2006
1 parent f93bff8 commit ab41dfb
Showing 1 changed file with 9 additions and 8 deletions.
17 changes: 9 additions & 8 deletions gitweb/gitweb.perl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2320,7 +2320,7 @@ sub git_project_index {
print $cgi->header(
-type => 'text/plain',
-charset => 'utf-8',
-content_disposition => qq(inline; filename="index.aux"));
-content_disposition => 'inline; filename="index.aux"');

foreach my $pr (@projects) {
if (!exists $pr->{'owner'}) {
Expand Down Expand Up @@ -2682,7 +2682,7 @@ sub git_blob_plain {
print $cgi->header(
-type => "$type",
-expires=>$expires,
-content_disposition => "inline; filename=\"$save_as\"");
-content_disposition => 'inline; filename="' . quotemeta($save_as) . '"');
undef $/;
binmode STDOUT, ':raw';
print <$fd>;
Expand Down Expand Up @@ -2856,10 +2856,11 @@ sub git_snapshot {

my $filename = basename($project) . "-$hash.tar.$suffix";

print $cgi->header(-type => 'application/x-tar',
-content_encoding => $ctype,
-content_disposition => "inline; filename=\"$filename\"",
-status => '200 OK');
print $cgi->header(
-type => 'application/x-tar',
-content_encoding => $ctype,
-content_disposition => 'inline; filename="' . quotemeta($filename) . '"',
-status => '200 OK');

my $git_command = git_cmd_str();
open my $fd, "-|", "$git_command tar-tree $hash \'$project\' | $command" or
Expand Down Expand Up @@ -3169,7 +3170,7 @@ sub git_blobdiff {
-type => 'text/plain',
-charset => 'utf-8',
-expires => $expires,
-content_disposition => qq(inline; filename=") . quotemeta($file_name) . qq(.patch"));
-content_disposition => 'inline; filename="' . quotemeta($file_name) . '.patch"');

print "X-Git-Url: " . $cgi->self_url() . "\n\n";

Expand Down Expand Up @@ -3272,7 +3273,7 @@ sub git_commitdiff {
-type => 'text/plain',
-charset => 'utf-8',
-expires => $expires,
-content_disposition => qq(inline; filename="$filename"));
-content_disposition => 'inline; filename="' . quotemeta($filename) . '"');
my %ad = parse_date($co{'author_epoch'}, $co{'author_tz'});
print <<TEXT;
From: $co{'author'}
Expand Down

0 comments on commit ab41dfb

Please sign in to comment.