Storage/S3: Escape filename in content-disp header

2026-03-13 15:34:37 +00:00 · 2018-04-11 15:16:12 +02:00 · 2018-04-11 15:16:12 +02:00 · 068ee646b8
commit 068ee646b8
parent 24572e6f7e
1 changed files with 5 additions and 3 deletions
--- a/storage_s3/indico_storage_s3/plugin.py
+++ b/storage_s3/indico_storage_s3/plugin.py
@ -24,6 +24,7 @@ from math import ceil
 from tempfile import NamedTemporaryFile

 import boto3
+from werkzeug.datastructures import Headers
 from werkzeug.utils import redirect

 from indico.core import signals
@ -100,12 +101,13 @@ class S3Storage(Storage):

    def send_file(self, file_id, content_type, filename, inline=True):
        try:
-            content_disp = ('inline; filename="%s"' % filename if inline
-                            else 'attachment; filename="%s"' % filename)
+            content_disp = ('inline' if inline else 'attachment')
+            h = Headers()
+            h.add('Content-Disposition', content_disp, filename=filename)
            url = self.client.generate_presigned_url('get_object',
                                                     Params={'Bucket': self.bucket,
                                                             'Key': file_id,
-                                                             'ResponseContentDisposition': content_disp,
+                                                             'ResponseContentDisposition': h.get('Content-Disposition'),
                                                             'ResponseContentType': content_type},
                                                     ExpiresIn=120)
            return redirect(url)