[wp-trac] [WordPress Trac] #38231: Allow download_url to respect content-disposition header
WordPress Trac
noreply at wordpress.org
Wed Oct 27 14:58:40 UTC 2021
#38231: Allow download_url to respect content-disposition header
--------------------------------------+------------------------------
Reporter: cklosows | Owner: johnjamesjacoby
Type: enhancement | Status: closed
Priority: normal | Milestone: 5.9
Component: HTTP API | Version: 4.7
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+------------------------------
Changes (by johnjamesjacoby):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"51939" 51939]:
{{{
#!CommitTicketReference repository="" revision="51939"
Admin/HTTP API: add suggested filename support to `download_url()`.

This change allows for external clients to supply a suggested filename via
a `Content-Disposition` response header. This filename is processed
through `sanitize_file_name()` to ensure it is allowable (on the server,
MIME's, etc...) and `validate_file()` to prevent directory traversal.

If the suggested filename fails the above processing/checks, that
suggestion is discarded and the standard temporary filename (generated by
WordPress) is used.

If no `Content-Disposition` header is found in the response headers, the
standard temporary filename continues to be used as per normal.

Included in this change are 6 additional PHPUnit tests with 9 assertions.
These tests confirm that valid filename values are correctly saved, and
invalid filename values are correctly rejected.

Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.

Fixes #38231.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38231#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
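
The accept-or-fall-back behaviour described in the commit message, as an added PHP example (not WordPress's code and not part of the original message). `suggested_filename()`, `is_safe_component()` and `choose_download_path()` are hypothetical helpers that stand in for the header parsing, `sanitize_file_name()` and `validate_file()`; the allow-list and the sample headers are constructed for this example.

```php
<?php
// Added example. Hypothetical helpers; not WordPress's implementation.

/** Pull the filename parameter out of a Content-Disposition value, or null. */
function suggested_filename(?string $header): ?string {
    if ($header === null) {
        return null;
    }
    // Only "attachment" with a plain filename= parameter; filename*= is ignored.
    $re = '/^\s*attachment\s*;.*?\bfilename\s*=\s*"?([^";]+)"?/i';
    return preg_match($re, $header, $m) === 1 ? trim($m[1]) : null;
}

/** True when $name is one path component made of allow-listed characters. */
function is_safe_component(string $name): bool {
    // Must start with a letter or digit, so ".", ".." and dotfiles fail.
    // No "/", "\" or ":" is in the class, so no separator can get through.
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,199}\z/', $name) === 1;
}

/** Use the server's suggestion only if it passes; otherwise keep the temp path. */
function choose_download_path(?string $header, string $tmpPath): string {
    $name = suggested_filename($header);
    if ($name === null || !is_safe_component($name)) {
        return $tmpPath; // suggestion discarded, generated name kept
    }
    // The accepted name always lands beside the temp file, never elsewhere.
    return dirname($tmpPath) . '/' . $name;
}

$tmp = '/tmp/example-abc123.tmp'; // constructed temp path
$samples = [                      // constructed response header values
    'attachment; filename="report-2021.pdf"',
    'attachment; filename="../../outside.txt"',
    'attachment; filename=..\\..\\outside.txt',
    'inline',
    null, // no Content-Disposition header at all
];
foreach ($samples as $header) {
    printf("%-46s => %s\n", var_export($header, true),
        choose_download_path($header, $tmp));
}
```

Only the first sample is accepted; every other header resolves to the original temporary path.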