fix(security): sanitize filename in Content-Disposition header to prevent injection

2026-03-31 23:39:20 +08:00
parent fbe064253c
commit c8dece351c
1 changed files with 7 additions and 1 deletions
--- a/src/plugins/http/routes.rs
+++ b/src/plugins/http/routes.rs
@@ -1712,11 +1712,17 @@ fn read_attachment_response(path: &Path) -> warp::reply::Response {
    match std::fs::read(path) {
        Ok(data) => {
            let filename = path.file_name().unwrap_or_default().to_string_lossy();
+            // Sanitize filename for Content-Disposition header to prevent header injection
+            let safe_filename = filename
+                .replace('\\', "_")
+                .replace('"', "_")
+                .replace('\r', "")
+                .replace('\n', "");
            match warp::http::Response::builder()
                .header("Content-Type", "application/octet-stream")
                .header(
                    "Content-Disposition",
-                    format!("attachment; filename=\"{filename}\""),
+                    format!("attachment; filename=\"{safe_filename}\""),
                )
                .header("Content-Length", data.len().to_string())
                .body(data)