diff options
| author | Fumiaki MATSUSHIMA <mtsmfm@gmail.com> | 2018-09-09 16:35:48 +0900 |
|---|---|---|
| committer | Fumiaki MATSUSHIMA <mtsmfm@gmail.com> | 2018-09-13 21:38:46 +0900 |
| commit | 890485cfce4c361c03a41ec23b0ba187007818cc (patch) | |
| tree | 1bcf2bccc7cdb710511929dbcb4b68dd602df7f3 /actionpack/lib/action_dispatch/http | |
| parent | 823f9e0a89707561b54196bf4aabe20c5edb88c1 (diff) | |
| download | rails-890485cfce4c361c03a41ec23b0ba187007818cc.tar.gz rails-890485cfce4c361c03a41ec23b0ba187007818cc.tar.bz2 rails-890485cfce4c361c03a41ec23b0ba187007818cc.zip | |
Encode Content-Disposition filenames on send_data and send_file
Diffstat (limited to 'actionpack/lib/action_dispatch/http')
| -rw-r--r-- | actionpack/lib/action_dispatch/http/content_disposition.rb | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/http/content_disposition.rb b/actionpack/lib/action_dispatch/http/content_disposition.rb new file mode 100644 index 0000000000..58164c1522 --- /dev/null +++ b/actionpack/lib/action_dispatch/http/content_disposition.rb @@ -0,0 +1,45 @@ +# frozen_string_literal: true + +module ActionDispatch + module Http + class ContentDisposition # :nodoc: + def self.format(disposition:, filename:) + new(disposition: disposition, filename: filename).to_s + end + + attr_reader :disposition, :filename + + def initialize(disposition:, filename:) + @disposition = disposition + @filename = filename + end + + TRADITIONAL_ESCAPED_CHAR = /[^ A-Za-z0-9!#$+.^_`|~-]/ + + def ascii_filename + 'filename="' + percent_escape(I18n.transliterate(filename), TRADITIONAL_ESCAPED_CHAR) + '"' + end + + RFC_5987_ESCAPED_CHAR = /[^A-Za-z0-9!#$&+.^_`|~-]/ + + def utf8_filename + "filename*=UTF-8''" + percent_escape(filename, RFC_5987_ESCAPED_CHAR) + end + + def to_s + if filename + "#{disposition}; #{ascii_filename}; #{utf8_filename}" + else + "#{disposition}" + end + end + + private + def percent_escape(string, pattern) + string.gsub(pattern) do |char| + char.bytes.map { |byte| "%%%02X" % byte }.join + end + end + end + end +end |