invalid file name encoding in a response header Content-Disposition


    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major
    • None
    • Affects Version/s: 9.6.5
    • Component/s: None
    • Security Level: Jimmy
    • None

      Steps to Reproduce

      1. extract attached zip
      2. mvn clean package
      3. mvn cargo:run
      4. http://localhost:8080/zk9support/bug/zk-5721.zul

      Current Result

      Check the response headers of the bad-name image in the browser developer tools: there is no Content-Disposition header.

      There is a warning in the server console.

      [INFO] [talledLocalContainer] WARNING: The HTTP response header [Content-Disposition] with value [inline;filename="logo-🎉.png";filename*=UTF-8''logo-%F0%9F%8E%89.png] has been removed from the response because it is invalid
      [INFO] [talledLocalContainer] java.lang.IllegalArgumentException: The Unicode character [?] at code point [55,356] cannot be encoded as it is outside the permitted range of 0 to 255
      [INFO] [talledLocalContainer] at org.apache.tomcat.util.buf.MessageBytes.toBytesSimple(MessageBytes.java:286)
      [INFO] [talledLocalContainer] at org.apache.tomcat.util.buf.MessageBytes.toBytes(MessageBytes.java:259)
      [INFO] [talledLocalContainer] at org.apache.coyote.http11.Http11OutputBuffer.write(Http11OutputBuffer.java:389)
      [INFO] [talledLocalContainer] at org.apache.coyote.http11.Http11OutputBuffer.sendHeader(Http11OutputBuffer.java:368)
      [INFO] [talledLocalContainer] at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1050)
      [INFO] [talledLocalContainer] at org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:375)
      [INFO] [talledLocalContainer] at org.apache.coyote.Response.action(Response.java:209)
      [INFO] [talledLocalContainer] at org.apache.coyote.Response.sendHeaders(Response.java:434)
      [INFO] [talledLocalContainer] at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:291)
      [INFO] [talledLocalContainer] at org.apache.catalina.connector.OutputBuffer.flush(OutputBuffer.java:271)
      [INFO] [talledLocalContainer] at org.apache.catalina.connector.CoyoteOutputStream.flush(CoyoteOutputStream.java:120)
      [INFO] [talledLocalContainer] at org.zkoss.web.servlet.http.Https.write(Https.java:569)

      Expected Result

      • Content-Disposition exists
      • no warning

      Debug Information

      Proposed solution

      • Encode the entire Content-Disposition header value according to RFC 2047 as specified in the Javadoc for setHeader().
      • Do not include the filename property in the Content-Disposition header; only use filename* (with the value produced by encodeRfc3986).
      • Add an extra method to the org.zkoss.util.media.Media interface that returns a 7-bit-safe ASCII name, and use that for the filename property (this would then need to be provided as an extra constructor parameter to e.g. AImage).

      Workaround

      Https.java

        1. zk-5721.zip
          19 kB
        2. Https.java
          21 kB
        3. header.png
          40 kB
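
Added example, not ZK code and not the attached Https.java workaround: one way to combine the second and third proposals, sending a 7-bit ASCII `filename` fallback next to a percent-encoded `filename*`, so that every character of the header value stays inside the 0 to 255 range the container accepts. The class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;

// Added example; class and method names are hypothetical, not ZK API.
public class ContentDispositionExample {
    // attr-char set from RFC 5987: the only characters left unescaped in filename*
    private static final String ATTR_CHARS =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$&+-.^_`|~";

    // Percent-encode the UTF-8 bytes of the name, keeping only attr-char as-is.
    static String encodeExtValue(String name) {
        StringBuilder sb = new StringBuilder();
        for (byte b : name.getBytes(StandardCharsets.UTF_8)) {
            int v = b & 0xFF;
            if (ATTR_CHARS.indexOf(v) >= 0) {
                sb.append((char) v);
            } else {
                sb.append(String.format("%%%02X", v));
            }
        }
        return sb.toString();
    }

    // 7-bit fallback: one '_' per code point that is not printable ASCII.
    // Dropping control characters (CR/LF), '"' and '\' also keeps a
    // user-supplied name from breaking out of the quoted string or the header.
    static String asciiFallback(String name) {
        StringBuilder sb = new StringBuilder();
        name.codePoints().forEach(cp -> {
            boolean safe = cp >= 0x20 && cp < 0x7F && cp != '"' && cp != '\\';
            sb.append(safe ? (char) cp : '_');
        });
        return sb.toString();
    }

    static String contentDisposition(String type, String name) {
        return type + "; filename=\"" + asciiFallback(name) + "\""
            + "; filename*=UTF-8''" + encodeExtValue(name);
    }

    public static void main(String[] args) {
        String name = "logo-\uD83C\uDF89.png"; // the file name from this report
        String header = contentDisposition("inline", name);
        System.out.println(header);
        // The container rejects header characters above 255; verify none remain.
        System.out.println("7-bit safe: " + header.chars().allMatch(c -> c < 0x80));
    }
}
```

The resulting string can be passed to `response.setHeader("Content-Disposition", ...)`; clients that understand `filename*` prefer it over the `filename` fallback.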

            Assignee:
            DevChu
            Reporter:
            hawk