From c1a36f0bdc2420442db1304930a5b4f19ae4c400 Mon Sep 17 00:00:00 2001
From: Gautier Pelloux-Prayer
Date: Sat, 11 May 2019 16:16:33 +0200
Subject: [PATCH 1/2] Content-Disposition filename must be quoted
---
 brouter-server/src/main/java/btools/server/RouteServer.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/brouter-server/src/main/java/btools/server/RouteServer.java b/brouter-server/src/main/java/btools/server/RouteServer.java
index 1754129..a4536cf 100644
--- a/brouter-server/src/main/java/btools/server/RouteServer.java
+++ b/brouter-server/src/main/java/btools/server/RouteServer.java
@@ -392,7 +392,7 @@ public class RouteServer extends Thread
 bw.write( "Content-Type: " + mimeType + "; charset=utf-8\n" );
 if ( fileName != null )
 {
- bw.write( "Content-Disposition: attachment; filename=" + fileName + "\n" );
+ bw.write( "Content-Disposition: attachment; filename=\"" + fileName + "\"\n" );
 }
 bw.write( "Access-Control-Allow-Origin: *\n" );
 if ( headers != null )
From 4cf86168fe70a937e8cdbe13caa586d5e699f3f4 Mon Sep 17 00:00:00 2001
From: Gautier Pelloux-Prayer
Date: Sat, 11 May 2019 16:25:19 +0200
Subject: [PATCH 2/2] Remove invalid characters from filename
---
 .../src/main/java/btools/server/request/ServerHandler.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/brouter-server/src/main/java/btools/server/request/ServerHandler.java b/brouter-server/src/main/java/btools/server/request/ServerHandler.java
index 48b508c..9fc4c63 100644
--- a/brouter-server/src/main/java/btools/server/request/ServerHandler.java
+++ b/brouter-server/src/main/java/btools/server/request/ServerHandler.java
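Review bot: In the RouteServer.java hunk, the added line wraps `fileName` in double quotes but writes it into the header unescaped, so a value containing `"`, a backslash, CR or LF would still end the quoted string or the header line early. PATCH 2/2 filters `trackname` in ServerHandler, but this writer emits whatever any caller passes in, so the value should also be neutralised at the point where the header is written: `bw.write( "Content-Disposition: attachment; filename=\"" + fileName.replaceAll( "[\"\\\\\\r\\n]", "_" ) + "\"\n" );`. The enclosing method starts and ends outside the hunk, so which other callers supply `fileName` cannot be checked from here.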
@@ -191,7 +191,7 @@ public class ServerHandler extends RequestHandler {
 if ( format != null )
 {
- fileName = ( params.get( "trackname" ) == null ? "brouter" : params.get( "trackname" ) ) + "." + format;
+ fileName = ( params.get( "trackname" ) == null ? "brouter" : params.get( "trackname" ).replaceAll("[^a-zA-Z0-9 \\._\\-]+", "") ) + "." + format;
 }
 return fileName;
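Review bot: In the ServerHandler.java hunk, only `trackname` passes through the allowlist, while `format` is appended to `fileName` as-is. If `format` is read from the request parameters like `trackname` (its assignment is outside the hunk), it still reaches the quoted Content-Disposition value unfiltered. A track name made up entirely of rejected characters, for example a non-ASCII name, now produces an empty base name, so the file is called just `.` plus the format. Filtering both parts and falling back when nothing is left covers both cases: `String name = params.get( "trackname" ) == null ? "" : params.get( "trackname" ).replaceAll( "[^a-zA-Z0-9 ._-]+", "" );` followed by `fileName = ( name.isEmpty() ? "brouter" : name ) + "." + format.replaceAll( "[^a-zA-Z0-9]+", "" );`. The method body starts and ends outside the hunk.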