# HG changeset patch # User Thomas Arendsen Hein # Date 1203181950 -3600 # Node ID 1c0e7afe824a05e27c9f272b023ad36b8e3a6e14 # Parent acfb9fa494e290440e489a6abf57b50421ecced5 hgweb: Quote filenames when downloading raw files. diff -r acfb9fa494e2 -r 1c0e7afe824a mercurial/hgweb/request.py --- a/mercurial/hgweb/request.py Sat Feb 16 17:51:30 2008 +0100 +++ b/mercurial/hgweb/request.py Sat Feb 16 18:12:30 2008 +0100 @@ -85,8 +85,10 @@ if type is not None: headers.append(('Content-Type', type)) if filename: + filename = (filename.split('/')[-1] + .replace('\\', '\\\\').replace('"', '\\"')) headers.append(('Content-Disposition', - 'inline; filename=%s' % filename.split('/')[-1])) + 'inline; filename="%s"' % filename)) if length: headers.append(('Content-Length', str(length))) self.header(headers) diff -r acfb9fa494e2 -r 1c0e7afe824a tests/test-webraw --- a/tests/test-webraw Sat Feb 16 17:51:30 2008 +0100 +++ b/tests/test-webraw Sat Feb 16 18:12:30 2008 +0100 @@ -3,17 +3,17 @@ hg init test cd test mkdir sub -cat >sub/sometext.txt <'sub/some "text".txt' <> $DAEMON_PIDS -("$TESTDIR/get-with-headers.py" localhost:$HGPORT '/?f=37afcac6d393;file=sub/sometext.txt;style=raw' content-type content-length content-disposition) >getoutput.txt & +("$TESTDIR/get-with-headers.py" localhost:$HGPORT '/?f=a23bf1310f6e;file=sub/some%20%22text%22.txt;style=raw' content-type content-length content-disposition) >getoutput.txt & sleep 5 kill `cat hg.pid` diff -r acfb9fa494e2 -r 1c0e7afe824a tests/test-webraw.out --- a/tests/test-webraw.out Sat Feb 16 17:51:30 2008 +0100 +++ b/tests/test-webraw.out Sat Feb 16 18:12:30 2008 +0100 @@ -1,10 +1,10 @@ 200 Script output follows content-type: text/plain content-length: 157 -content-disposition: inline; filename=sometext.txt +content-disposition: inline; filename="some \"text\".txt" This is just some random text that will go inside the file and take a few lines. It is very boring to read, but computers don't care about things like that. -host - - [date] "GET /?f=37afcac6d393;file=sub/sometext.txt;style=raw HTTP/1.1" 200 - +host - - [date] "GET /?f=a23bf1310f6e;file=sub/some%20%22text%22.txt;style=raw HTTP/1.1" 200 -