From 66969d5004726d99c4e975fb7b01da4d641e0f55 Mon Sep 17 00:00:00 2001
From: Charles Fulton
Date: Wed, 9 May 2012 16:03:33 -0400
Subject: [PATCH] MDL-32889 lib: escape filename in Content-Disposition header
---
 admin/user/user_bulk_download.php | 2 +-
 course/lib.php | 2 +-
 lib/excel/test.php | 4 ++--
 lib/filelib.php | 2 +-
 mod/data/lib.php | 2 +-
 mod/feedback/export.php | 2 +-
 6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/admin/user/user_bulk_download.php b/admin/user/user_bulk_download.php
index 6b5881c06e11a..27fc9b924adf1 100644
--- a/admin/user/user_bulk_download.php
+++ b/admin/user/user_bulk_download.php
@@ -152,7 +152,7 @@ function user_download_csv($fields) {
 $filename = clean_filename(get_string('users').'.csv');
 header("Content-Type: application/download\n");
- header("Content-Disposition: attachment; filename=$filename");
+ header("Content-Disposition: attachment; filename=\"$filename\"");
 header("Expires: 0");
 header("Cache-Control: must-revalidate,post-check=0,pre-check=0");
 header("Pragma: public");
diff --git a/course/lib.php b/course/lib.php
index 5b7f13a0b0535..d3c83c1904ca0 100644
--- a/course/lib.php
+++ b/course/lib.php
@@ -566,7 +566,7 @@ function print_log_csv($course, $user, $date, $order='l.time DESC', $modname,
 $filename = 'logs_'.userdate(time(),get_string('backupnameformat', 'langconfig'),99,false);
 $filename .= '.txt';
 header("Content-Type: application/download\n");
- header("Content-Disposition: attachment; filename=$filename");
+ header("Content-Disposition: attachment; filename=\"$filename\"");
 header("Expires: 0");
 header("Cache-Control: must-revalidate,post-check=0,pre-check=0");
 header("Pragma: public");
diff --git a/lib/excel/test.php b/lib/excel/test.php
index 888bbc3622314..68300f6261088 100644
--- a/lib/excel/test.php
+++ b/lib/excel/test.php
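Review bot: Wrapping `$filename` in double quotes makes `"` and `\` significant inside the value, and in `print_log_csv()` (course/lib.php) the name is built from `userdate()` with a language-pack format string and is not passed through `clean_filename()` in the visible lines, so a quote character in that format would end the parameter early. Escaping at the point of output keeps the header well-formed whatever the source of the name: `header('Content-Disposition: attachment; filename="'.addcslashes($filename, '"\\').'"');`. The same applies to the changed lines in lib/excel/test.php, lib/filelib.php, mod/data/lib.php and mod/feedback/export.php, where the value arrives as a parameter or is built outside the hunk; admin/user/user_bulk_download.php relies on `clean_filename()`, whose behaviour is not shown in this diff. The body of `print_log_csv()` continues outside the hunk.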
@@ -6,7 +6,7 @@ function HeaderingExcel($filename) {
 header("Content-type: application/vnd.ms-excel");
- header("Content-Disposition: attachment; filename=$filename" );
+ header("Content-Disposition: attachment; filename=\"$filename\"" );
 header("Expires: 0");
 header("Cache-Control: must-revalidate, post-check=0,pre-check=0");
 header("Pragma: public");
@@ -87,4 +87,4 @@ function HeaderingExcel($filename) {
 //$worksheet2->insert_bitmap(0, 0, "some.bmp",10,10);
 $workbook->close();
-?>
\ No newline at end of file
+?>
diff --git a/lib/filelib.php b/lib/filelib.php
index aba71758c818c..f10d8ca5d63ea 100644
--- a/lib/filelib.php
+++ b/lib/filelib.php
@@ -1801,7 +1801,7 @@ function send_temp_file($path, $filename, $pathisstring=false) {
 $filename = urlencode($filename);
 }
- header('Content-Disposition: attachment; filename='.$filename);
+ header('Content-Disposition: attachment; filename="'.$filename.'"');
 if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
 header('Cache-Control: max-age=10');
 header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
diff --git a/mod/data/lib.php b/mod/data/lib.php
index d846ea285508e..64e1ecb161730 100644
--- a/mod/data/lib.php
+++ b/mod/data/lib.php
@@ -2724,7 +2724,7 @@ function data_export_csv($export, $delimiter_name, $dataname, $count, $return=fa
 $filename .= '.csv';
 if (empty($return)) {
 header("Content-Type: application/download\n");
- header("Content-Disposition: attachment; filename=$filename");
+ header("Content-Disposition: attachment; filename=\"$filename\"");
 header('Expires: 0');
 header('Cache-Control: must-revalidate,post-check=0,pre-check=0');
 header('Pragma: public');
diff --git a/mod/feedback/export.php b/mod/feedback/export.php
index a7a080f4c2412..3b78120aa6690 100644
--- a/mod/feedback/export.php
+++ b/mod/feedback/export.php
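Review bot: In `send_temp_file()` (lib/filelib.php) the `urlencode()` call just above the changed header sits inside a block that closes before it, and its condition is outside the hunk, so the quoted parameter carries a percent-encoded name on one path and the raw name on the other. Raw non-ASCII bytes inside `filename="…"` are decoded differently across browsers, and percent-encoding there is displayed literally by clients that follow RFC 6266. A single encoding for every client is the extended parameter next to an ASCII fallback, `header('Content-Disposition: attachment; filename="'.$fallback.'"; filename*=UTF-8\'\''.rawurlencode($filename));`, where `$fallback` stands for an ASCII-only name derived from `$filename`. The function starts and ends outside the hunk.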
@@ -168,6 +168,6 @@ function feedback_get_xml_data($feedbackid) {
 function feedback_send_xml_data($data, $filename) {
 @header('Content-Type: application/xml; charset=UTF-8');
- @header('Content-Disposition: attachment; filename='.$filename);
+ @header('Content-Disposition: attachment; filename="'.$filename.'"');
 print($data);
 }
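Review bot: Both `header()` calls in `feedback_send_xml_data()` keep the `@` suppression, so when headers can no longer be sent the failure is silent and `print($data)` still runs. The export then goes out without the XML content type or the attachment disposition, under whatever type the response already had, which a browser may render inline. Checking before output makes that case visible: drop the `@` and put `if (headers_sent($file, $line)) { /* report $file:$line and stop */ }` ahead of the first `header()` call.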