Permalink
Browse files

bug #23658 [HttpFoundation] Generate safe fallback filename for wrong…

…ly encoded filename (xelaris)

This PR was merged into the 2.7 branch.

Discussion
----------

[HttpFoundation] Generate safe fallback filename for wrongly encoded filename

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

This handles the case where the encoding of a random string cannot be detected. Until now this causes a PHP Warning `mb_strlen(): Unknown encoding ""`.

Commits
-------

8fd5569 [HttpFoundation] Generate safe fallback filename for wrongly encoded filename
  • Loading branch information...
nicolas-grekas committed Aug 5, 2017
2 parents 00a8c94 + 8fd5569 commit ffa005c036fcde0b68e618ef8977e7d46b852234
@@ -150,7 +150,7 @@ public function setAutoEtag()
* Sets the Content-Disposition header with the given filename.
*
* @param string $disposition ResponseHeaderBag::DISPOSITION_INLINE or ResponseHeaderBag::DISPOSITION_ATTACHMENT
* @param string $filename Optionally use this filename instead of the real name of the file
* @param string $filename Optionally use this UTF-8 encoded filename instead of the real name of the file
* @param string $filenameFallback A fallback filename, containing only ASCII characters. Defaults to an automatically encoded filename
*
* @return $this
@@ -162,7 +162,7 @@ public function setContentDisposition($disposition, $filename = '', $filenameFal
}
if ('' === $filenameFallback && (!preg_match('/^[\x20-\x7e]*$/', $filename) || false !== strpos($filename, '%'))) {
$encoding = mb_detect_encoding($filename, null, true);
$encoding = mb_detect_encoding($filename, null, true) ?: '8bit';
for ($i = 0, $filenameLength = mb_strlen($filename, $encoding); $i < $filenameLength; ++$i) {
$char = mb_substr($filename, $i, 1, $encoding);
@@ -68,6 +68,17 @@ public function testSetContentDispositionGeneratesSafeFallbackFilename()
$this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%C3%B6%C3%B6.html', $response->headers->get('Content-Disposition'));
}
public function testSetContentDispositionGeneratesSafeFallbackFilenameForWronglyEncodedFilename()
{
$response = new BinaryFileResponse(__FILE__);
$iso88591EncodedFilename = utf8_decode('föö.html');
$response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $iso88591EncodedFilename);
// the parameter filename* is invalid in this case (rawurldecode('f%F6%F6') does not provide a UTF-8 string but an ISO-8859-1 encoded one)
$this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%F6%F6.html', $response->headers->get('Content-Disposition'));
}
/**
* @dataProvider provideRanges
*/

0 comments on commit ffa005c

Please sign in to comment.