Closed
Bug 1413074
Opened 7 years ago
Closed 7 years ago
download filename not sanitized with Content-Disposition: inline
Categories
(Firefox :: File Handling, defect, P1)
Tracking
()
RESOLVED
FIXED
Firefox 58
People
(Reporter: l.mai, Assigned: Paolo)
Details
Attachments
(1 file)
User Agent: Mozilla/5.0 (X11; Linux i686; rv:56.0) Gecko/20100101 Firefox/56.0 Build ID: 20171009144901 Steps to reproduce: I was playing around with HTTP headers and Firefox (on Linux). 1. I visited a URL that responded with 'Content-Disposition: attachment; filename="../wat.txt"' 2. I visited a URL that responded with 'Content-Disposition: inline; filename="../wat.txt"' 3. I pressed Ctrl-S to save the page 4. I visited a URL that responded with 'Content-Disposition: attachment; filename="/wat2.txt"' 5. I visited a URL that responded with 'Content-Disposition: inline; filename="/wat2.txt"' 6. I pressed Ctrl-S to save the page Actual results: 1. Firefox popped up a dialog: "You have chosen to open: " with an empty filename. Saving the file produced a file called ~/Downloads/YVQeN4_Y.asc. 2. Firefox displayed the response inline. 3. Firefox popped up a "Save as" dialog with the filename prefilled as "../wat.txt". Clicking the "Save" button actually created a file outside of the visible directory (i.e. the dialog displayed ~/Downloads, but saving created ~/Downloads/../wat.txt, which is ~/wat.txt). 4. Firefox popped up a dialog: "You have chosen to open: _wat2.txt". 5. Firefox displayed the response inline. 6. Firefox popped up a "Save as" dialog with the filename prefilled as "/wat2.txt". Clicking "Save" starts a download, but it immediately shows up as "Failed" (presumably because I don't have write permissions on /). Expected results: 1. Honestly, I'm not sure. I would have expected it to mangle the name to "___wat.txt" or ".._wat.txt". However, the "You have chosen to open" dialog should not display an empty filename field; if nothing else, it should show the final generated name (YVQeN4_Y.asc). 2. - 3. Firefox should probably not use / characters as-is in the suggested filename. In particular, it should not silently create a file in a different directory than what the save dialog shows. It should use the same name-mangling algorithm that "Content-Disposition: attachment" uses. 4. - 5. - 6. Firefox should probably not use / characters as-is in the suggested filename. In particular, it should not silently create a file in a different directory than what the save dialog shows. It should use the same name-mangling algorithm that "Content-Disposition: attachment" uses.
Assignee | ||
Comment 1•7 years ago
|
||
Thanks for reporting! The issue of files being saved in a parent directory affects Linux only, because on other platforms the file picker sanitizes the file name itself, but it makes sense for the browser to prepare a valid file name consistently on all platforms.
Assignee: nobody → paolo.mozmail
Status: UNCONFIRMED → ASSIGNED
status-firefox57:
--- → wontfix
Ever confirmed: true
Priority: -- → P1
Comment hidden (mozreview-request) |
Comment 3•7 years ago
|
||
mozreview-review |
Comment on attachment 8924143 [details] Bug 1413074 - Sanitize the file names of downloads before opening the file picker. https://reviewboard.mozilla.org/r/195404/#review201070 ::: toolkit/mozapps/downloads/nsHelperAppDlg.js:287 (Diff revision 1) > // Use file picker to show dialog. > var nsIFilePicker = Components.interfaces.nsIFilePicker; > var picker = Components.classes["@mozilla.org/filepicker;1"].createInstance(nsIFilePicker); > var windowTitle = bundle.GetStringFromName("saveDialogTitle"); > picker.init(parent, windowTitle, nsIFilePicker.modeSave); > - picker.defaultString = aDefaultFile; > + picker.defaultString = this.getFinalLeafName(aDefaultFile); Could you please rename the aDefaultFile argument of this method to aDefaultFileName (like it is in the idl)? I found it quite confusing since it sounds like a file object but it's passed around to all the methods expecting a filename...
Attachment #8924143 -
Flags: review?(mak77) → review+
Pushed by paolo.mozmail@amadzone.org: https://hg.mozilla.org/integration/mozilla-inbound/rev/7dfb5111a3a8 Sanitize the file names of downloads before opening the file picker. r=mak
Comment 5•7 years ago
|
||
Backed out for failing browser-chrome's browser/components/privatebrowsing/test/browser/browser_privatebrowsing_downloadLastDir.js: https://hg.mozilla.org/integration/mozilla-inbound/rev/4d3dc7f1d15d2794494bdb801551cd111b4c7fa3 Push with failures: https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&revision=7dfb5111a3a8bc78cabdfaca96c4d949e33bafdb&filter-resultStatus=testfailed&filter-resultStatus=busted&filter-resultStatus=exception&filter-resultStatus=retry&filter-resultStatus=usercancel&filter-resultStatus=runnable Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=141936948&repo=mozilla-inbound [task 2017-11-03T12:10:47.081Z] 12:10:47 INFO - TEST-PASS | browser/components/privatebrowsing/test/browser/browser_privatebrowsing_downloadLastDir.js | LastDir should be the expected display dir - [task 2017-11-03T12:10:47.082Z] 12:10:47 INFO - TEST-PASS | browser/components/privatebrowsing/test/browser/browser_privatebrowsing_downloadLastDir.js | gDownloadLastDir should be the expected display dir - [task 2017-11-03T12:10:47.084Z] 12:10:47 INFO - Console message: [JavaScript Error: "leafName is null" {file: "resource://gre/modules/DownloadPaths.jsm" line: 76}] [task 2017-11-03T12:10:47.086Z] 12:10:47 INFO - sanitize@resource://gre/modules/DownloadPaths.jsm:76:5 [task 2017-11-03T12:10:47.087Z] 12:10:47 INFO - getFinalLeafName@jar:file:///builds/worker/workspace/build/application/firefox/omni.ja!/components/nsHelperAppDlg.js:375:12 [task 2017-11-03T12:10:47.088Z] 12:10:47 INFO - promptForSaveToFileAsync/<@jar:file:///builds/worker/workspace/build/application/firefox/omni.ja!/components/nsHelperAppDlg.js:289:30 [task 2017-11-03T12:10:47.089Z] 12:10:47 INFO - async*promptForSaveToFileAsync@jar:file:///builds/worker/workspace/build/application/firefox/omni.ja!/components/nsHelperAppDlg.js:252:6 [task 2017-11-03T12:10:47.091Z] 12:10:47 INFO - testDownloadDir@chrome://mochitests/content/browser/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_downloadLastDir.js:79:5 [task 2017-11-03T12:10:47.092Z] 12:10:47 INFO - test/<@chrome://mochitests/content/browser/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_downloadLastDir.js:83:5 [task 2017-11-03T12:10:47.095Z] 12:10:47 INFO - test/testOnWindow/<@chrome://mochitests/content/browser/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_downloadLastDir.js:44:7 [task 2017-11-03T12:10:47.096Z] 12:10:47 INFO - whenNewWindowLoaded/</<@chrome://mochitests/content/browser/browser/components/privatebrowsing/test/browser/head.js:19:40 [task 2017-11-03T12:10:47.097Z] 12:10:47 INFO - run@chrome://mochikit/content/browser-test.js:1039:9 [task 2017-11-03T12:10:47.098Z] 12:10:47 INFO - [task 2017-11-03T12:10:47.099Z] 12:10:47 INFO - Buffered messages finished [task 2017-11-03T12:10:47.102Z] 12:10:47 INFO - TEST-UNEXPECTED-FAIL | browser/components/privatebrowsing/test/browser/browser_privatebrowsing_downloadLastDir.js | Test timed out -
Flags: needinfo?(paolo.mozmail)
Pushed by paolo.mozmail@amadzone.org: https://hg.mozilla.org/integration/mozilla-inbound/rev/8bd4bc797100 Sanitize the file names of downloads before opening the file picker. r=mak
Assignee | ||
Updated•7 years ago
|
Flags: needinfo?(paolo.mozmail)
Comment 7•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/8bd4bc797100
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox58:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 58
You need to log in
before you can comment on or make changes to this bug.
Description
•