Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Quote '?' in Quoted Printable filename #30252

Closed
wants to merge 1 commit into from
Closed

Quote '?' in Quoted Printable filename #30252

wants to merge 1 commit into from

Conversation

luozhenyu
Copy link
Contributor

Bad case

String filename = "filename with ?问号.txt";
ContentDisposition cd = ContentDisposition.attachment()
    .filename(filename, StandardCharsets.UTF_8)
    .build();
String[] parts = cd.toString().split("; ");

// attachment; filename="=?UTF-8?Q?filename=20with=20?=E9=97=AE=E5=8F=B7.txt?="
String quotedPrintableFilename = parts[0] + "; " + parts[1];
// expected: filename with ?问号.txt
// actual: filename with
System.out.println(ContentDisposition.parse(quotedPrintableFilename).getFilename());

Cause

In previous implementation, the question mark (?) is not quoted. If a quoted character (=E9=97=AE) follows, the combination "?=" will be interpreted as end mark of "encoded-word".

8-bit values which correspond to printable ASCII characters other than "=", "?", and "_" (underscore), MAY be represented as those characters.
https://www.rfc-editor.org/rfc/rfc2047#section-4.2

@luozhenyu luozhenyu force-pushed the content-disposition branch 2 times, most recently from d08cbc6 to 6438ad8 Compare March 31, 2023 06:32
@luozhenyu luozhenyu marked this pull request as ready for review March 31, 2023 06:32
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Mar 31, 2023
@luozhenyu luozhenyu force-pushed the content-disposition branch from 6438ad8 to 84117e8 Compare March 31, 2023 13:40
rstoyanchev
rstoyanchev reviewed Apr 17, 2023
View reviewed changes
Copy link
Contributor

@rstoyanchev rstoyanchev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems related to the recent change in #29861 and the added regular "filename" parameter. Prior to that for filename(..., UTF_8) we created only a "filename*" parameter via encodeRfc5987Filename, and that part of the test works.

@rstoyanchev rstoyanchev requested a review from poutsma April 17, 2023 14:45
@rstoyanchev rstoyanchev added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Apr 17, 2023
@poutsma poutsma self-assigned this Apr 18, 2023
@poutsma poutsma changed the title In Content-Disposition, the question mark should be quoted Quote '?' in Quoted Printable filename Apr 18, 2023
@poutsma poutsma added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Apr 18, 2023
@poutsma poutsma added this to the 6.0.9 milestone Apr 18, 2023
@poutsma poutsma closed this in 5a4a46a Apr 18, 2023
poutsma added a commit that referenced this pull request Apr 18, 2023
@poutsma
Polish contribution
74d3268 
This commit polishes an external contribution, ensuring that not just
spaces are encoded as underscores, and that underscores are encoded
as non-printable.

See gh-30252
poutsma added a commit that referenced this pull request Apr 18, 2023
@poutsma
Merge pull request #30252 from luozhenyu:content-disposition
685548b 
* gh-30252:
  Polish contribution
  Quote question marks in content-disposition
@poutsma
Copy link
Contributor

poutsma commented Apr 18, 2023

Thank you for submitting a PR. I have made a couple of changes also related to RFC 2047, so that spaces are now encoded as underscores, and that underscores themselves are handled as non-printable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rstoyanchev rstoyanchev rstoyanchev left review comments

@poutsma poutsma Awaiting requested review from poutsma

Assignees

@poutsma poutsma

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: bug A general bug
Projects
None yet
Milestone
6.0.9
Development

Successfully merging this pull request may close these issues.
4 participants
@luozhenyu @poutsma @rstoyanchev @spring-projects-issues