summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rw-r--r--system/helpers/download_helper.php10
-rw-r--r--system/helpers/url_helper.php2
2 files changed, 10 insertions, 2 deletions
diff --git a/system/helpers/download_helper.php b/system/helpers/download_helper.php
index 02d4ce11e..901e3277c 100644
--- a/system/helpers/download_helper.php
+++ b/system/helpers/download_helper.php
@@ -147,9 +147,17 @@ if ( ! function_exists('force_download'))
@ob_clean();
}
+ // RFC 6266 allows for multibyte filenames, but only in UTF-8,
+ // so we have to make it conditional ...
+ $charset = strtoupper(config_item('charset'));
+ $utf8_filename = ($charset !== 'UTF-8')
+ ? get_instance()->utf8->convert_to_utf8($filename, $charset)
+ : $filename;
+ isset($utf8_filename[0]) && $utf8_filename = " filename*=UTF-8''".rawurlencode($utf8_filename);
+
// Generate the server headers
header('Content-Type: '.$mime);
- header('Content-Disposition: attachment; filename="'.$filename.'"');
+ header('Content-Disposition: attachment; filename="'.$filename.'";'.$utf8_filename);
header('Expires: 0');
header('Content-Transfer-Encoding: binary');
header('Content-Length: '.$filesize);
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index e5d2d372f..3eb2cb0b0 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -396,7 +396,7 @@ if ( ! function_exists('auto_link'))
if ($type !== 'email' && preg_match_all('#(\w*://|www\.)[a-z0-9]+(-+[a-z0-9]+)*(\.[a-z0-9]+(-+[a-z0-9]+)*)+(/([^\s()<>;]+\w)?/?)?#i', $str, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER))
{
// Set our target HTML if using popup links.
- $target = ($popup) ? ' target="_blank"' : '';
+ $target = ($popup) ? ' target="_blank" rel="noopener"' : '';
// We process the links in reverse order (last -> first) so that
// the returned string offsets from preg_match_all() are not