Skip to content
Browse files

MDL-32889 lib: escape filename in Content-Disposition header

  • Loading branch information...
1 parent e16e230 commit 66969d5004726d99c4e975fb7b01da4d641e0f55 @mackensen mackensen committed May 9, 2012
Showing with 7 additions and 7 deletions.
  1. +1 −1 admin/user/user_bulk_download.php
  2. +1 −1 course/lib.php
  3. +2 −2 lib/excel/test.php
  4. +1 −1 lib/filelib.php
  5. +1 −1 mod/data/lib.php
  6. +1 −1 mod/feedback/export.php
View
2 admin/user/user_bulk_download.php
@@ -152,7 +152,7 @@ function user_download_csv($fields) {
$filename = clean_filename(get_string('users').'.csv');
header("Content-Type: application/download\n");
- header("Content-Disposition: attachment; filename=$filename");
+ header("Content-Disposition: attachment; filename=\"$filename\"");
header("Expires: 0");
header("Cache-Control: must-revalidate,post-check=0,pre-check=0");
header("Pragma: public");
View
2 course/lib.php
@@ -566,7 +566,7 @@ function print_log_csv($course, $user, $date, $order='l.time DESC', $modname,
$filename = 'logs_'.userdate(time(),get_string('backupnameformat', 'langconfig'),99,false);
$filename .= '.txt';
header("Content-Type: application/download\n");
- header("Content-Disposition: attachment; filename=$filename");
+ header("Content-Disposition: attachment; filename=\"$filename\"");
header("Expires: 0");
header("Cache-Control: must-revalidate,post-check=0,pre-check=0");
header("Pragma: public");
View
4 lib/excel/test.php
@@ -6,7 +6,7 @@
function HeaderingExcel($filename) {
header("Content-type: application/vnd.ms-excel");
- header("Content-Disposition: attachment; filename=$filename" );
+ header("Content-Disposition: attachment; filename=\"$filename\"" );
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0,pre-check=0");
header("Pragma: public");
@@ -87,4 +87,4 @@ function HeaderingExcel($filename) {
//$worksheet2->insert_bitmap(0, 0, "some.bmp",10,10);
$workbook->close();
-?>
+?>
View
2 lib/filelib.php
@@ -1801,7 +1801,7 @@ function send_temp_file($path, $filename, $pathisstring=false) {
$filename = urlencode($filename);
}
- header('Content-Disposition: attachment; filename='.$filename);
+ header('Content-Disposition: attachment; filename="'.$filename.'"');
if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
header('Cache-Control: max-age=10');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
View
2 mod/data/lib.php
@@ -2724,7 +2724,7 @@ function data_export_csv($export, $delimiter_name, $dataname, $count, $return=fa
$filename .= '.csv';
if (empty($return)) {
header("Content-Type: application/download\n");
- header("Content-Disposition: attachment; filename=$filename");
+ header("Content-Disposition: attachment; filename=\"$filename\"");
header('Expires: 0');
header('Cache-Control: must-revalidate,post-check=0,pre-check=0');
header('Pragma: public');
View
2 mod/feedback/export.php
@@ -168,6 +168,6 @@ function feedback_get_xml_data($feedbackid) {
function feedback_send_xml_data($data, $filename) {
@header('Content-Type: application/xml; charset=UTF-8');
- @header('Content-Disposition: attachment; filename='.$filename);
+ @header('Content-Disposition: attachment; filename="'.$filename.'"');
print($data);
}

0 comments on commit 66969d5

Please sign in to comment.
Something went wrong with that request. Please try again.