Encode Content-Disposition filenames on send_data and send_file

5 files changed, 5 insertions, 76 deletions

diff --git a/activestorage/app/models/active_storage/filename.rb b/activestorage/app/models/active_storage/filename.rb
index bebb5e61b3..2a03e0173d 100644
--- a/activestorage/app/models/active_storage/filename.rb
+++ b/activestorage/app/models/active_storage/filename.rb
@@ -3,8 +3,6 @@
 # Encapsulates a string representing a filename to provide convenient access to parts of it and sanitization.
 # A Filename instance is returned by ActiveStorage::Blob#filename, and is comparable so it can be used for sorting.
 class ActiveStorage::Filename
-  require_dependency "active_storage/filename/parameters"
-
   include Comparable
 
   class << self
@@ -60,10 +58,6 @@ class ActiveStorage::Filename
     @filename.encode(Encoding::UTF_8, invalid: :replace, undef: :replace, replace: "�").strip.tr("\u{202E}%$|:;/\t\r\n\\", "-")
   end
 
-  def parameters #:nodoc:
-    Parameters.new self
-  end
-
   # Returns the sanitized version of the filename.
   def to_s
     sanitized.to_s
diff --git a/activestorage/app/models/active_storage/filename/parameters.rb b/activestorage/app/models/active_storage/filename/parameters.rb
deleted file mode 100644
index fb9ea10e49..0000000000
--- a/activestorage/app/models/active_storage/filename/parameters.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-class ActiveStorage::Filename::Parameters #:nodoc:
-  attr_reader :filename
-
-  def initialize(filename)
-    @filename = filename
-  end
-
-  def combined
-    "#{ascii}; #{utf8}"
-  end
-
-  TRADITIONAL_ESCAPED_CHAR = /[^ A-Za-z0-9!#$+.^_`|~-]/
-
-  def ascii
-    'filename="' + percent_escape(I18n.transliterate(filename.sanitized), TRADITIONAL_ESCAPED_CHAR) + '"'
-  end
-
-  RFC_5987_ESCAPED_CHAR = /[^A-Za-z0-9!#$&+.^_`|~-]/
-
-  def utf8
-    "filename*=UTF-8''" + percent_escape(filename.sanitized, RFC_5987_ESCAPED_CHAR)
-  end
-
-  def to_s
-    combined
-  end
-
-  private
-    def percent_escape(string, pattern)
-      string.gsub(pattern) do |char|
-        char.bytes.map { |byte| "%%%02X" % byte }.join
-      end
-    end
-end
diff --git a/activestorage/lib/active_storage/service.rb b/activestorage/lib/active_storage/service.rb
index f915518f52..54ba08fb87 100644
--- a/activestorage/lib/active_storage/service.rb
+++ b/activestorage/lib/active_storage/service.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 require "active_storage/log_subscriber"
+require "action_dispatch"
+require "action_dispatch/http/content_disposition"
 
 module ActiveStorage
   # Abstract class serving as an interface for concrete services.
@@ -122,7 +124,8 @@ module ActiveStorage
       end
 
       def content_disposition_with(type: "inline", filename:)
-        (type.to_s.presence_in(%w( attachment inline )) || "inline") + "; #{filename.parameters}"
+        disposition = (type.to_s.presence_in(%w( attachment inline )) || "inline")
+        ActionDispatch::Http::ContentDisposition.format(disposition: disposition, filename: filename.sanitized)
       end
   end
 end
diff --git a/activestorage/test/models/blob_test.rb b/activestorage/test/models/blob_test.rb
index 88c106a08b..1a6a89de56 100644
--- a/activestorage/test/models/blob_test.rb
+++ b/activestorage/test/models/blob_test.rb
@@ -185,7 +185,7 @@ class ActiveStorage::BlobTest < ActiveSupport::TestCase
   private
     def expected_url_for(blob, disposition: :inline, filename: nil)
       filename ||= blob.filename
-      query_string = { content_type: blob.content_type, disposition: "#{disposition}; #{filename.parameters}" }.to_param
+      query_string = { content_type: blob.content_type, disposition: ActionDispatch::Http::ContentDisposition.format(disposition: disposition, filename: filename.sanitized) }.to_param
       "https://example.com/rails/active_storage/disk/#{ActiveStorage.verifier.generate(blob.key, expires_in: 5.minutes, purpose: :blob_key)}/#{filename}?#{query_string}"
     end
 end
diff --git a/activestorage/test/models/filename/parameters_test.rb b/activestorage/test/models/filename/parameters_test.rb
deleted file mode 100644
index 431be00639..0000000000
--- a/activestorage/test/models/filename/parameters_test.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-class ActiveStorage::Filename::ParametersTest < ActiveSupport::TestCase
-  test "parameterizing a Latin filename" do
-    filename = ActiveStorage::Filename.new("racecar.jpg")
-
-    assert_equal %(filename="racecar.jpg"), filename.parameters.ascii
-    assert_equal "filename*=UTF-8''racecar.jpg", filename.parameters.utf8
-    assert_equal "#{filename.parameters.ascii}; #{filename.parameters.utf8}", filename.parameters.combined
-    assert_equal filename.parameters.combined, filename.parameters.to_s
-  end
-
-  test "parameterizing a Latin filename with accented characters" do
-    filename = ActiveStorage::Filename.new("råcëçâr.jpg")
-
-    assert_equal %(filename="racecar.jpg"), filename.parameters.ascii
-    assert_equal "filename*=UTF-8''r%C3%A5c%C3%AB%C3%A7%C3%A2r.jpg", filename.parameters.utf8
-    assert_equal "#{filename.parameters.ascii}; #{filename.parameters.utf8}", filename.parameters.combined
-    assert_equal filename.parameters.combined, filename.parameters.to_s
-  end
-
-  test "parameterizing a non-Latin filename" do
-    filename = ActiveStorage::Filename.new("автомобиль.jpg")
-
-    assert_equal %(filename="%3F%3F%3F%3F%3F%3F%3F%3F%3F%3F.jpg"), filename.parameters.ascii
-    assert_equal "filename*=UTF-8''%D0%B0%D0%B2%D1%82%D0%BE%D0%BC%D0%BE%D0%B1%D0%B8%D0%BB%D1%8C.jpg", filename.parameters.utf8
-    assert_equal "#{filename.parameters.ascii}; #{filename.parameters.utf8}", filename.parameters.combined
-    assert_equal filename.parameters.combined, filename.parameters.to_s
-  end
-end