Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-32889

Improperly escaped downloads fail in Google Chrome

    Details

    • Testing Instructions:
      Hide

      1. Create an assignment which as at least one comma in the title.
      2. Add one or more submissions to it.
      3. Attempt to download these as a zip file using the current version of Google Chrome.

      Note: this patch touches a couple different areas. The fix specific to mod/assignment is in lib/filelib if this needs to be split up.

      Show
      1. Create an assignment which as at least one comma in the title. 2. Add one or more submissions to it. 3. Attempt to download these as a zip file using the current version of Google Chrome. Note: this patch touches a couple different areas. The fix specific to mod/assignment is in lib/filelib if this needs to be split up.
    • Affected Branches:
      MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_23_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-32889-master

      Description

      Some downloads fail in Google Chome with the error "Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple distinct Content-Disposition headers received. This is disallowed to protect against HTTP response splitting attacks." See http://moodle.org/mod/forum/discuss.php?d=201781 for discussion. I can reproduce this with an assignment that has a comma in the same. Enclosing the filename in the Content-Disposition header in quotes resolves the issue.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                10 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  25/Jun/12