Sanitize Content-Disposition filename in downloads

Fixes #17

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Matthew Knight 2026-02-17 15:59:54 -08:00
parent fc2a3880c4
commit ace0c06362
No known key found for this signature in database
1 changed files with 2 additions and 1 deletions


@ -2,6 +2,7 @@ package public
import (
"io"
"mime"
"net/http"
"sort"
"strconv"
@ -531,7 +532,7 @@ func (h *TicketHandler) proxyAssetDownload(c *gin.Context, assetURL, filename st
contentType = "application/octet-stream"
}
c.Header("Content-Type", contentType)
c.Header("Content-Disposition", "attachment; filename=\""+filename+"\"")
c.Header("Content-Disposition", mime.FormatMediaType("attachment", map[string]string{"filename": filename}))
if cl := resp.Header.Get("Content-Length"); cl != "" {
c.Header("Content-Length", cl)
}
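Review bot: The new Content-Disposition line passes the result of `mime.FormatMediaType` straight to `c.Header` without checking it. The function is documented to return the empty string when its arguments cannot be formatted per the standard, and gin's `c.Header` removes the header when given an empty value, so the response would go out with no `attachment` disposition and an upstream-chosen Content-Type. With the constant `attachment` type and `filename` key this probably cannot trigger on current Go releases, but the behaviour for unusual filenames depends on the toolchain version, so a fallback is cheap insurance: `cd := mime.FormatMediaType("attachment", map[string]string{"filename": filename})`, `if cd == "" { cd = "attachment" }`, `c.Header("Content-Disposition", cd)`. A short comment saying that the encoding is there to keep quotes and control characters in `filename` out of the header would also help later readers. The body of `proxyAssetDownload` starts and ends outside this hunk, so where `filename` comes from is not visible here.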