MDL-32889 lib: escape filename in Content-Disposition header

moodle · May 9, 2012 · 66969d5 · 66969d5
1 parent e16e230
commit 66969d5
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 7 deletions.
diff --git a/admin/user/user_bulk_download.php b/admin/user/user_bulk_download.php
@@ -152,7 +152,7 @@ function user_download_csv($fields) {
     $filename = clean_filename(get_string('users').'.csv');
 
     header("Content-Type: application/download\n");
-    header("Content-Disposition: attachment; filename=$filename");
+    header("Content-Disposition: attachment; filename=\"$filename\"");
     header("Expires: 0");
     header("Cache-Control: must-revalidate,post-check=0,pre-check=0");
     header("Pragma: public");

diff --git a/course/lib.php b/course/lib.php
@@ -566,7 +566,7 @@ function print_log_csv($course, $user, $date, $order='l.time DESC', $modname,
     $filename = 'logs_'.userdate(time(),get_string('backupnameformat', 'langconfig'),99,false);
     $filename .= '.txt';
     header("Content-Type: application/download\n");
-    header("Content-Disposition: attachment; filename=$filename");
+    header("Content-Disposition: attachment; filename=\"$filename\"");
     header("Expires: 0");
     header("Cache-Control: must-revalidate,post-check=0,pre-check=0");
     header("Pragma: public");

diff --git a/lib/excel/test.php b/lib/excel/test.php
@@ -6,7 +6,7 @@
 
   function HeaderingExcel($filename) {
       header("Content-type: application/vnd.ms-excel");
-      header("Content-Disposition: attachment; filename=$filename" );
+      header("Content-Disposition: attachment; filename=\"$filename\"" );
       header("Expires: 0");
       header("Cache-Control: must-revalidate, post-check=0,pre-check=0");
       header("Pragma: public");
@@ -87,4 +87,4 @@ function HeaderingExcel($filename) {
   //$worksheet2->insert_bitmap(0, 0, "some.bmp",10,10);
 
   $workbook->close();
-?>
+?>
diff --git a/lib/filelib.php b/lib/filelib.php
@@ -1801,7 +1801,7 @@ function send_temp_file($path, $filename, $pathisstring=false) {
         $filename = urlencode($filename);
     }
 
-    header('Content-Disposition: attachment; filename='.$filename);
+    header('Content-Disposition: attachment; filename="'.$filename.'"');
     if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
         header('Cache-Control: max-age=10');
         header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');

diff --git a/mod/data/lib.php b/mod/data/lib.php
@@ -2724,7 +2724,7 @@ function data_export_csv($export, $delimiter_name, $dataname, $count, $return=fa
     $filename .= '.csv';
     if (empty($return)) {
         header("Content-Type: application/download\n");
-        header("Content-Disposition: attachment; filename=$filename");
+        header("Content-Disposition: attachment; filename=\"$filename\"");
         header('Expires: 0');
         header('Cache-Control: must-revalidate,post-check=0,pre-check=0');
         header('Pragma: public');

diff --git a/mod/feedback/export.php b/mod/feedback/export.php
@@ -168,6 +168,6 @@ function feedback_get_xml_data($feedbackid) {
 
 function feedback_send_xml_data($data, $filename) {
     @header('Content-Type: application/xml; charset=UTF-8');
-    @header('Content-Disposition: attachment; filename='.$filename);
+    @header('Content-Disposition: attachment; filename="'.$filename.'"');
     print($data);
 }