Closed Bug 275110 Opened 20 years ago Closed 20 years ago

Content-disposition filename handling violates RFCs 2183 and 2616

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jaas, Assigned: jaas)

Details

Attachments

(1 file)

fix v1.0
520 bytes, patch
benjamin
: review+
bzbarsky
: superreview+
Details | Diff | Splinter Review 
On line 587 of contentAreaUtils.js, you'll see:

fileName = fileName.replace(/^"|"$/g, "");

This strips quotes returned from getParameter(), where it is asked for the file
name suggested in the Content-disposition value of the HTTP response header.
This violates RFCs 2183 and 2616. This line appears to be a hack added in
response to bugzilla sending incorrect headers, which biesi and I discovered
today. See bug 275108. The value you get from getParameter() is the correct
suggested value - it shouldn't be messed with.
The solution is to just remove that line.
ccing jshin, since that "hack added in response to bugzilla sending incorrect
headers" was actually added in bug 215493 as a port of bug 158006 (where I don't
see any mention of bugzilla's headers) which Seamonkey used right up until bug
160454 pulled all that code out in October. Might be worthwhile finding out why
it was there before we rip it out as having been a bugzilla workaround.
Phil, that bug did not add this line. see the patch there - attachment 126311 [details] [diff] [review]
shows that the line existed before, it was just moved.

Instead, bz added it in bug 121509. it seems to me, though, that at least since
we have nsIMIMEHeaderParam we don't need it anymore.
Note that this line exists in and should be removed from the code that the moz
suite uses for the same purpose...
(In reply to comment #4)
> Note that this line exists in and should be removed from the code that the moz
> suite uses for the same purpose...

hm... really? I can't find it; could you mention the location of that line?
biesi is right -- this line can just go.  

And I also can't seem to find it in trunk seamonkey....
Attached patch fix v1.0Splinter Review 
Assignee: firefox → joshmoz
Status: NEW → ASSIGNED

        Attachment #172844 -
        Flags: superreview?(bzbarsky)

        Attachment #172844 -
        Flags: review?(bryner)

    
  

        Attachment #172844 -
        Flags: review?(bryner) → review?(cbiesinger)

    
    

    
  
Comment on attachment 172844 [details] [diff] [review]
fix v1.0

please find a firefox peer to review this patch

        Attachment #172844 -
        Flags: review?(cbiesinger) → review?

    
  

        Attachment #172844 -
        Flags: review? → review?(bugs)

    
    

    
  
Comment on attachment 172844 [details] [diff] [review]
fix v1.0

Not that this is needed for Firefox..

        Attachment #172844 -
        Flags: superreview?(bzbarsky) → superreview+

    
  

        Attachment #172844 -
        Flags: review?(bugs) → review+

    
    

    
  
landed on trunk
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: