summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/CGI.pm25
1 files changed, 25 insertions, 0 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index ce7cdf429..58a681491 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -347,6 +347,10 @@ sub header {
unshift(@_, '-x_frame_options' => 'SAMEORIGIN');
}
+ if ($self->{'_content_disp'}) {
+ unshift(@_, '-content_disposition' => $self->{'_content_disp'});
+ }
+
# Add X-XSS-Protection header to prevent simple XSS attacks
# and enforce the blocking (rather than the rewriting) mode.
unshift(@_, '-x_xss_protection' => '1; mode=block');
@@ -560,6 +564,22 @@ sub url_is_attachment_base {
return ($self->self_url =~ $regex) ? 1 : 0;
}
+sub set_dated_content_disp {
+ my ($self, $type, $prefix, $ext) = @_;
+
+ my @time = localtime(time());
+ my $date = sprintf "%04d-%02d-%02d", 1900+$time[5], $time[4]+1, $time[3];
+ my $filename = "$prefix-$date.$ext";
+
+ $filename =~ s/\s/_/g; # Remove whitespace to avoid HTTP header tampering
+ $filename =~ s/\\/_/g; # Remove backslashes as well
+ $filename =~ s/"/\\"/g; # escape quotes
+
+ my $disposition = "$type; filename=\"$filename\"";
+
+ $self->{'_content_disp'} = $disposition;
+}
+
##########################
# Vars TIEHASH Interface #
##########################
@@ -667,6 +687,11 @@ instead of calling this directly.
Redirects from the current URL to one prefixed by the urlbase parameter.
+=item C<set_dated_content_disp>
+
+Sets an appropriate date-dependent value for the Content Disposition header
+for a downloadable resource.
+
=back
=head1 SEE ALSO