invalid file name encoding in a response header Content-Disposition


    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major
    • None
    • Affects Version/s: 9.6.5
    • Component/s: None
    • Security Level: Jimmy
    • None

      Steps to Reproduce

      1. extract attached zip
      2. mvn clean package
      3. mvn cargo:run
      4. http://localhost:8080/zk9support/bug/zk-5721.zul

      Current Result

      Check the response headers of the bad-name image in the browser developer tools: there is no Content-Disposition header.

      There is a warning in the server console.

      [INFO] [talledLocalContainer] WARNING: The HTTP response header [Content-Disposition] with value [inline;filename="logo-🎉.png";filename*=UTF-8''logo-%F0%9F%8E%89.png] has been removed from the response because it is invalid
      [INFO] [talledLocalContainer] java.lang.IllegalArgumentException: The Unicode character [?] at code point [55,356] cannot be encoded as it is outside the permitted range of 0 to 255
      [INFO] [talledLocalContainer] at org.apache.tomcat.util.buf.MessageBytes.toBytesSimple(MessageBytes.java:286)
      [INFO] [talledLocalContainer] at org.apache.tomcat.util.buf.MessageBytes.toBytes(MessageBytes.java:259)
      [INFO] [talledLocalContainer] at org.apache.coyote.http11.Http11OutputBuffer.write(Http11OutputBuffer.java:389)
      [INFO] [talledLocalContainer] at org.apache.coyote.http11.Http11OutputBuffer.sendHeader(Http11OutputBuffer.java:368)
      [INFO] [talledLocalContainer] at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1050)
      [INFO] [talledLocalContainer] at org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:375)
      [INFO] [talledLocalContainer] at org.apache.coyote.Response.action(Response.java:209)
      [INFO] [talledLocalContainer] at org.apache.coyote.Response.sendHeaders(Response.java:434)
      [INFO] [talledLocalContainer] at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:291)
      [INFO] [talledLocalContainer] at org.apache.catalina.connector.OutputBuffer.flush(OutputBuffer.java:271)
      [INFO] [talledLocalContainer] at org.apache.catalina.connector.CoyoteOutputStream.flush(CoyoteOutputStream.java:120)
      [INFO] [talledLocalContainer] at org.zkoss.web.servlet.http.Https.write(Https.java:569)

      Expected Result

      • Content-Disposition exists
      • no warning

      Debug Information

      Proposed solution

      • Encode the entire Content-Disposition header value according to RFC 2047 as specified in the Javadoc for setHeader().
      • Do not include the filename property in the Content-Disposition header; only use filename* (with the value produced by encodeRfc3986).
      • Add an extra method to the org.zkoss.util.media.Media interface that returns a 7-bit-safe ASCII name and use that for the filename property (this would then need to be provided as an extra constructor parameter to e.g. AImage).

      Workaround

      Https.java
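
      An added example, not the attached Https.java and not ZK code: it combines the filename* parameter from the second proposal with an ASCII-only filename as in the third. The class and method names are assumptions, and the percent-encoder is written out here rather than calling ZK's encodeRfc3986. The resulting header value is pure 7-bit ASCII, so the 0-to-255 check that Tomcat reports in the log above is not triggered.

```java
import java.nio.charset.StandardCharsets;

public class ContentDispositionExample {
    // attr-char set from RFC 8187 section 3.2.1: allowed unescaped in filename*
    private static final String ATTR_CHARS =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$&+-.^_`|~";

    /** 7-bit fallback for the quoted filename parameter (hypothetical helper). */
    static String asciiFallback(String name) {
        StringBuilder sb = new StringBuilder();
        // Iterate code points so a surrogate pair (e.g. an emoji) becomes one '_'.
        // Quotes, backslashes and control characters are replaced as well, so the
        // quoted-string stays well-formed whatever the file name contains.
        name.codePoints().forEach(cp -> {
            boolean safe = cp >= 0x20 && cp <= 0x7E && cp != '"' && cp != '\\';
            sb.append(safe ? (char) cp : '_');
        });
        return sb.toString();
    }

    /** Percent-encode the UTF-8 bytes of name for the filename* parameter. */
    static String encodeExtValue(String name) {
        StringBuilder sb = new StringBuilder("UTF-8''");
        for (byte b : name.getBytes(StandardCharsets.UTF_8)) {
            char c = (char) (b & 0xFF);
            if (ATTR_CHARS.indexOf(c) >= 0) sb.append(c);
            else sb.append(String.format("%%%02X", b & 0xFF));
        }
        return sb.toString();
    }

    /** Build a Content-Disposition value that contains ASCII characters only. */
    static String build(String type, String name) {
        String fallback = asciiFallback(name);
        String value = type + "; filename=\"" + fallback + "\"";
        // filename* is only needed when the fallback lost information.
        if (!fallback.equals(name)) value += "; filename*=" + encodeExtValue(name);
        return value;
    }

    public static void main(String[] args) {
        // Constructed inputs: the name from the log above, and one with quotes and accents.
        System.out.println(build("inline", "logo-\uD83C\uDF89.png"));
        System.out.println(build("attachment", "r\u00E9sum\u00E9 \"final\".pdf"));
    }
}
```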

        1. header.png
          40 kB
        2. Https.java
          21 kB
        3. zk-5721.zip
          19 kB

            Assignee:
            DevChu
            Reporter:
            hawk
            Votes:
            0
            Watchers:
            2