--- attachment.cgi 2025-01-05 18:54:59.905718000 +0000 +++ /home/linimon/attachment.cgi.merged 2025-01-05 18:54:30.147293000 +0000 @@ -25,8 +25,8 @@ use Bugzilla::Attachment::PatchReader; use Bugzilla::Token; -use Encode qw(encode find_encoding); -use Encode::MIME::Header; # Required to alter Encode::Encoding{'MIME-Q'}. +use Encode qw(find_encoding); +use URI::Escape qw(uri_escape_utf8); # For most scripts we don't make $cgi and $template global variables. But # when preparing Bugzilla for mod_perl, this script used these @@ -349,10 +349,8 @@ $filename =~ s/\\/\\\\/g; # escape backslashes $filename =~ s/"/\\"/g; # escape quotes - # Avoid line wrapping done by Encode, which we don't need for HTTP - # headers. See discussion in bug 328628 for details. - local $Encode::Encoding{'MIME-Q'}->{'bpl'} = 10000; - $filename = encode('MIME-Q', $filename); + # Follow RFC 6266 section 4.1 (which itself points to RFC 5987 section 3.2) + $filename = uri_escape_utf8($filename); my $disposition = Bugzilla->params->{'allow_attachment_display'} ? 'inline' : 'attachment'; @@ -372,10 +370,14 @@ } } } + + # IE8 and older do not support RFC 6266. So for these old browsers + # we still pass the old 'filename' attribute. Modern browsers will + # automatically pick the new 'filename*' attribute. print $cgi->header( - -type => "$contenttype; name=\"$filename\"", - -content_disposition => "$disposition; filename=\"$filename\"", - -content_length => $attachment->datasize + -type=> $contenttype, + -content_disposition=> "$disposition; filename=\"$filename\"; filename*=UTF-8''$filename", + -content_length => $attachment->datasize ); disable_utf8(); print $attachment->data;