Koha/Koha/UploadedFile.pm
David Cook 52f997fcfc Bug 28123: Quote filename value in Content-Disposition header
Chrome throws an ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION
error if a Content-Disposition header includes an unquoted filename
that contains commas.

This patch adds quotes around the filename in the Content-Disposition
header, which fixes the problem.

Test plan:
0. Do not apply the patch yet
1. Obtain a PDF and rename it to include a comma in its name
2. Enable the upload.pl plugin in the 856$u of the Default framework
3. Add/edit a record in the Default Framework and upload a file
using the 856$u upload plugin.
4. Click on the resulting file URL in the saved file
5. Note the error ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION
is returned instead of the file

6. Apply the patch and restart your Plack instance

7. Click on the resulting file URL in the saved file
8. Note that you now get the PDF file instead of the error

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-16 12:28:18 +02:00


package Koha::UploadedFile;
# Copyright Rijksmuseum 2016
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use File::Spec;
use parent qw(Koha::Object);
=head1 NAME
Koha::UploadedFile - Koha::Object class for single uploaded file
=head1 SYNOPSIS
use Koha::UploadedFile;
# store record in uploaded_files
my $upload = Koha::UploadedFile->new({ [columns and values] });
# get a file handle on an uploaded_file
my $fh = $upload->file_handle;
# get full path
my $path = $upload->full_path;
# delete uploaded file
$upload->delete;
=head1 DESCRIPTION
Allows regular CRUD operations on uploaded_files via Koha::Object / DBIx.
The delete method also takes care of deleting files. The full_path method
returns a fully qualified path for an upload.
Additional methods include: file_handle, httpheaders.
=head1 METHODS
=head2 INSTANCE METHODS
=head3 delete
Delete uploaded file.
It deletes not only the record, but also the actual file (unless you pass
the keep_file parameter).
Returns number of deleted records (1 or 0E0), or -1 for unknown.
Please keep in mind that a deleted record does not automatically imply a
deleted file; a warning may have been raised.
(TODO: Use exceptions.)
=cut
sub delete {
    # Removes the record through the parent class and, unless keep_file is
    # set in $params, also removes the file at full_path.
    # Returns whatever the parent delete returned.
    my ( $self, $params ) = @_;

    # Read the name and path before the parent delete runs.
    my $label   = $self->filename;
    my $target  = $self->full_path;
    my $deleted = $self->SUPER::delete;

    return $deleted if $params->{keep_file};

    # A missing file is only reported; the record is already gone.
    unless( -e $target ) {
        warn "Removing record for $label within category ".
            $self->uploadcategorycode. ", but file was missing.";
        return $deleted;
    }

    # NOTE(review): the path is assembled from stored fields and the name is
    # written to the log as-is; confirm both are validated at upload time.
    unlink($target) or warn "Problem while deleting: $target";
    return $deleted;
}
=head3 full_path
Returns the fully qualified path name for an uploaded file.
=cut
sub full_path {
    # Builds <root>/<dir>/<hashvalue>_<filename>, where root is the permanent
    # directory for permanent uploads and the temporary directory otherwise.
    my ( $self ) = @_;

    my $root;
    if( $self->permanent ) {
        $root = $self->permanent_directory;
    } else {
        $root = C4::Context->temporary_directory;
    }

    # NOTE(review): dir, hashvalue and filename are joined exactly as stored;
    # nothing here rejects path separators or '..' in them. Confirm they are
    # validated where the upload is stored.
    my $leaf = $self->hashvalue. '_'. $self->filename;
    return File::Spec->catfile( $root, $self->dir, $leaf );
}
=head3 file_handle
Returns a file handle for an uploaded file.
=cut
sub file_handle {
    # Opens the file at full_path for reading, puts the handle in binary
    # mode and returns it. Returns nothing when the open fails.
    my ( $self ) = @_;

    my $handle = IO::File->new( $self->full_path, "r" );

    # The result is kept on the object in both cases (undef on failure).
    $self->{_file_handle} = $handle;
    return unless $handle;

    $handle->binmode;
    return $handle;
}
=head3 httpheaders
httpheaders returns http headers for a retrievable upload.
Will be extended by report 14282
=cut
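sub httpheaders {
    # Returns the header list for serving this upload: PDFs (name ending in
    # .pdf) are sent inline as application/pdf, everything else as an
    # application/octet-stream attachment.
    my ( $self ) = @_;
    my $filename = $self->filename;

    if( $filename =~ /\.pdf$/ ) {
        # The name is placed inside a quoted-string, so a stored name must
        # not be able to close the quotes or start a new header line:
        # drop control characters (including CR/LF) and backslash-escape
        # double quotes and backslashes.
        ( my $quoted = $filename ) =~ s/[\x00-\x1F\x7F]//g;
        $quoted =~ s/(["\\])/\\$1/g;
        return (
            '-type' => 'application/pdf',
            'Content-Disposition' => 'inline; filename="'.$quoted.'"',
        );
    }

    # NOTE(review): the raw name is handed to the '-attachment' option;
    # confirm that whatever turns these pairs into headers quotes and
    # escapes it.
    return (
        '-type' => 'application/octet-stream',
        '-attachment' => $filename,
    );
}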
=head2 CLASS METHODS
=head3 permanent_directory
Returns root directory for permanent storage
=cut
sub permanent_directory {
    # Class method: returns the 'upload_path' configuration value, which is
    # used as the root for permanent uploads.
    my $class = shift;
    return C4::Context->config('upload_path');
}
=head3 _type
Returns name of corresponding DBIC resultset
=cut
sub _type {
    # Name handed back to the parent class; the POD describes it as the
    # corresponding DBIC resultset name.
    my $resultset_name = 'UploadedFile';
    return $resultset_name;
}
=head1 AUTHOR
Marcel de Rooy (Rijksmuseum)
Koha Development Team
=cut
1;