From 068ee646b8eddc779e78735f2b2b4a5ab45dd4ef Mon Sep 17 00:00:00 2001
From: Natalia Juszka <natalia.karina.juszka@cern.ch>
Date: Wed, 11 Apr 2018 15:16:12 +0200
Subject: [PATCH] Storage/S3: Escape filename in content-disp header

---
 storage_s3/indico_storage_s3/plugin.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/storage_s3/indico_storage_s3/plugin.py b/storage_s3/indico_storage_s3/plugin.py
index 7b47388..d28f34e 100644
--- a/storage_s3/indico_storage_s3/plugin.py
+++ b/storage_s3/indico_storage_s3/plugin.py
@@ -24,6 +24,7 @@ from math import ceil
 from tempfile import NamedTemporaryFile
 
 import boto3
+from werkzeug.datastructures import Headers
 from werkzeug.utils import redirect
 
 from indico.core import signals
@@ -100,12 +101,13 @@ class S3Storage(Storage):
 
     def send_file(self, file_id, content_type, filename, inline=True):
         try:
-            content_disp = ('inline; filename="%s"' % filename if inline
-                            else 'attachment; filename="%s"' % filename)
+            content_disp = ('inline' if inline else 'attachment')
+            h = Headers()
+            h.add('Content-Disposition', content_disp, filename=filename)
             url = self.client.generate_presigned_url('get_object',
                                                      Params={'Bucket': self.bucket,
                                                              'Key': file_id,
-                                                             'ResponseContentDisposition': content_disp,
+                                                             'ResponseContentDisposition': h.get('Content-Disposition'),
                                                              'ResponseContentType': content_type},
                                                      ExpiresIn=120)
             return redirect(url)