Aristotle Pagaltzis <[EMAIL PROTECTED]> wrote on 08/20/2008 04:12:18 PM:
> * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-08-20 17:55]:
> > Aristotle Pagaltzis <[EMAIL PROTECTED]> wrote on 08/19/2008 04:39:55 PM:
> > > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-08-19 21:55]:
> > > > $c->response->headers->header('Content-disposition:' => "attachment; filename=$filename" );
> > >
> > > You forgot
> > >
> > > $filename =~ s!"!\\"!g;
> >
> > Yes, I usually sanitize and escape outside of that block --
> > good catch.
>
> I prefer to do this kind of encode/decode stuff at the boundaries
> of the code. It is hard to keep track of how the data is encoded
> and who is responsible for what kind of transformation at what
> time when you don't do it that way. The particular case of these
> filenames is probably not too difficult because you probably
> aren't going to be doing a whole lot with them anyway, but still,
> I prefer to push encoding and decoding to the boundaries as a
> general principle so I can never forget to take it into account
> in the middle of the system.

I should have been more concise, I mean outside of that block of lines (not elsewhere in the app logic). I just copied the bunch of header setting lines I used from my send file code...

>
> PS.: I missed the fact that that should of course also be
> accompanied by always quoting the filename (which presumably in
> your own code is also happening elsewhere):
>
> $filename =~ s!"!\\"!g;
> $c->res->header( 'Content-Disposition' => qq[attachment; filename="$filename"] );
>

No, I have not quoted the filename. I have to look at the RFC further, but all my testing has shown it to work without the quotes...

> Regards,
> --
> Aristotle Pagaltzis // <http://plasmasturm.org/>
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
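
Added example, not part of the original message or of Catalyst itself: one way to do the escaping and quoting discussed above in a single place, right where the header value is built. The helper name `content_disposition` is hypothetical; stripping control characters and emitting the RFC 5987 `filename*` parameter go beyond what the thread covers.

```perl
use strict;
use warnings;
use Encode qw(encode);

# Build a Content-Disposition value from an untrusted filename.
# content_disposition() is a hypothetical helper, not a Catalyst API.
sub content_disposition {
    my ($filename) = @_;

    # Drop CR, LF and other control characters so the value cannot
    # end the header line or begin a new header.
    $filename =~ s/[\x00-\x1f\x7f]//g;
    $filename = 'download' if $filename eq '';

    # ASCII fallback for the quoted-string form: replace non-ASCII
    # characters, then escape backslash and double quote.
    (my $ascii = $filename) =~ s/[^\x20-\x7e]/_/g;
    $ascii =~ s/(["\\])/\\$1/g;

    # Always quote: an unquoted value breaks on spaces and semicolons.
    my $value = qq[attachment; filename="$ascii"];

    # Extended parameter (RFC 5987) when the name has non-ASCII characters.
    if ($filename =~ /[^\x20-\x7e]/) {
        my $pct = encode('UTF-8', $filename);
        $pct =~ s/([^A-Za-z0-9._~-])/sprintf('%%%02X', ord $1)/ge;
        $value .= "; filename*=UTF-8''$pct";
    }
    return $value;
}

# Constructed sample inputs: plain, embedded quotes, semicolon and space,
# embedded CR/LF, and a non-ASCII name.
my @samples = (
    'report.pdf',
    'my "final" draft.txt',
    'a; b.txt',
    "notes\r\nX-Test: 1.txt",
    "r\x{e9}sum\x{e9}.pdf",
);
print content_disposition($_), "\n" for @samples;

# In a Catalyst action the result would be used as:
#   $c->res->header('Content-Disposition' => content_disposition($filename));
```

The `a; b.txt` sample shows why an unquoted filename only appears to work in testing: without the quotes, the semicolon would end the parameter and the rest of the name would be read as another parameter.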