Skip to content

Allow blank filenames in Content-Disposition field #792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Allow blank filenames in Content-Disposition field #792

wants to merge 2 commits into from

Conversation

robinroestenburg
Copy link
Contributor

Attachments containing an empty string as a filename in the Content-Disposition header are skipped.

This was introduced as a side-effect of commit b1b1796.

Take, for example, the following Content-Disposition header:

Content-Disposition: inline;
  filename=""

Prior to that commit the parameters in the ContentDispositionField class would return:

{"filename"=>"\"\""}

After the commit the following is returned:

{"filename"=>""}

This is correct, but the code returning the filename from the ContentDispositionField class checks on !blank?. Which would return true before, and now returns false.

This would result in Message#find_attachment not decoding the attachment because nil instead of "" is returned.

For this PR I made the ContentDispositionField#filename implementation match the one in ContentTypeField#filename.

@robinroestenburg
Copy link
Contributor Author

Added some specs as well. I copied some specs from the ContentTypeField specs, as the implementation should be the same (imo).

Note:

  • Content-Type allows empty filenames using filename=. This gets sanitize by the ContentTypeField#sanatize method. I believe this is incorrect, as values should always be quoted strings? These filenames are not not possible for the Content-Disposition header.
  • The spec/mail/fields/content_type_field_spec.rb file contains the 'should locate an encoded name as a filename' spec. I did not add this to the specs for Content-Disposition, because in order to make it work I had to copy method_missing, stringify and parameters methods from the ContentTypeField class. I could do this in another PR.

@grosser
Copy link
Contributor

grosser commented Sep 18, 2014

empty filenames could create more problems down the line when for example trying to store things ...
imo find_attachment is incorrect anyway since it only looks for filename, I'm using this:

return filename if filename.present?
if self['Content-Disposition'].to_s.split(";").first == "attachment" ||
      (type && type.split("/").first != "text") ||
      type == 'text/calendar'
    )
  generated_attachment_name
end

@jimmysoho
Copy link

Empty filenames could create problems for mail consumers, but that is unfortunately not mail's concern, if the email says the filename is "" then that's what it is.

I do agree that the implementation of find_attachment is incorrect, we use code similar to yours. I think a separate pull request is needed to fix that up.

@jeremy jeremy mentioned this pull request Mar 3, 2016
Closed
@jeremy jeremy added this to the 2.7.0 milestone May 16, 2017
@jeremy jeremy closed this in c9d8cc2 May 16, 2017
@grosser
Copy link
Contributor

grosser commented May 16, 2017

thx for merging/fixing all these issues @jeremy ! ❤️

@jeremy jeremy mentioned this pull request May 17, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Bug Header Fields
Projects
None yet
Milestone
2.7.0
Development

Successfully merging this pull request may close these issues.
4 participants
@robinroestenburg @grosser @jimmysoho @jeremy