blob: afa1dae2c7fcadf71dafb9f434077d9b5deb6cd9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
--- attachment.cgi 2025-01-05 18:54:59.905718000 +0000
+++ /home/linimon/attachment.cgi.merged 2025-01-05 18:54:30.147293000 +0000
@@ -25,8 +25,8 @@
use Bugzilla::Attachment::PatchReader;
use Bugzilla::Token;
-use Encode qw(encode find_encoding);
-use Encode::MIME::Header; # Required to alter Encode::Encoding{'MIME-Q'}.
+use Encode qw(find_encoding);
+use URI::Escape qw(uri_escape_utf8);
# For most scripts we don't make $cgi and $template global variables. But
# when preparing Bugzilla for mod_perl, this script used these
@@ -349,10 +349,8 @@
$filename =~ s/\\/\\\\/g; # escape backslashes
$filename =~ s/"/\\"/g; # escape quotes
- # Avoid line wrapping done by Encode, which we don't need for HTTP
- # headers. See discussion in bug 328628 for details.
- local $Encode::Encoding{'MIME-Q'}->{'bpl'} = 10000;
- $filename = encode('MIME-Q', $filename);
+ # Follow RFC 6266 section 4.1 (which itself points to RFC 5987 section 3.2)
+ $filename = uri_escape_utf8($filename);
my $disposition
= Bugzilla->params->{'allow_attachment_display'} ? 'inline' : 'attachment';
@@ -372,10 +370,14 @@
}
}
}
+
+ # IE8 and older do not support RFC 6266. So for these old browsers
+ # we still pass the old 'filename' attribute. Modern browsers will
+ # automatically pick the new 'filename*' attribute.
print $cgi->header(
- -type => "$contenttype; name=\"$filename\"",
- -content_disposition => "$disposition; filename=\"$filename\"",
- -content_length => $attachment->datasize
+ -type=> $contenttype,
+ -content_disposition=> "$disposition; filename=\"$filename\"; filename*=UTF-8''$filename",
+ -content_length => $attachment->datasize
);
disable_utf8();
print $attachment->data;
|
