Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-60697

Garbled filename when download file using WAF or Load Balancer that implemented on RFC-6266

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.1.8, 3.2.5, 3.3
    • Fix Version/s: None
    • Component/s: Files API
    • Labels:
      None
    • Environment:
      Google Chrome, Firefox on Windows10
    • Affected Branches:
      MOODLE_31_STABLE, MOODLE_32_STABLE, MOODLE_33_STABLE

      Description

      According to RFC-6266(4.3. Disposition Parameter: 'Filename'), 'filename' param on 

      Content-Disposition in HTTP header should be encode.

      But current of lib/filelib.php is not compatible on RFC-6266.

      For example, lib/filelib.php on line 2290, urlencoded only if IE. But, we should urlencode if ANY BROWSERS.

      As a result, when download file named by multi-byte(ex. サンプルファイル.zip), then garbled on some of WAF and Load Balancer implemented on RFC-6266.

      (Using Chrome, Firefox)

       

      In my case, this problem occurred on Azure Application Gateway .

      Bit this problem will occurred on another WAF or LoadBalancer implemented on RFC-6266.

       

      I want to suggest "delete if (core_useragent::is_ie()) { on urlencode to urlencode on any browsers."

       

      if (core_useragent::is_ie()) {
          $filename = urlencode($filename);
      }

       

      to 

      $filename = urlencode($filename);

      on lib/filelib.php line 2263.

        Attachments

        1. 2017-11-06_1111_001.png
          9 kB
          Takayuki Fuwa
        2. 2017-11-06_1111.png
          29 kB
          Takayuki Fuwa

          Issue Links

            Activity

              People

              • Assignee:
                matteo Matteo Scaramuccia
                Reporter:
                yue Takayuki Fuwa
                Participants:
                Component watchers:
                Matteo Scaramuccia, Jake Dallimore, Jun Pataleta, Ryan Wyllie
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: