From 160e7da779efe3fe9fd6e614901d8840e32c9b86 Mon Sep 17 00:00:00 2001 From: Gibson Fahnestock Date: Mon, 27 Feb 2023 22:13:59 +0000 Subject: [PATCH] download_strategy: handle incorrectly quoted filename* headers Some servers erroneously double-quote the filename in the filename* header. This is (as far as I can tell from the spec) a bug in the server, and should be fixed there. In general though using `""` as the filename seems like behaviour worth handling in brew anyway, as there may be other places where the parser returns an empty string. Co-authored-by: Mike McQuaid
---
 Library/Homebrew/download_strategy.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/Library/Homebrew/download_strategy.rb b/Library/Homebrew/download_strategy.rb
index a70285ec56..7964497a79 100644
--- a/Library/Homebrew/download_strategy.rb
+++ b/Library/Homebrew/download_strategy.rb
@@ -483,7 +483,13 @@ class CurlDownloadStrategy < AbstractFileDownloadStrategy
 if (filename_with_encoding = content_disposition.parameters["filename*"])
 encoding, encoded_filename = filename_with_encoding.split("''", 2)
- filename = URI.decode_www_form_component(encoded_filename).encode(encoding) if encoding && encoded_filename
+ # If the `filename*` has incorrectly added double quotes, e.g.
+ # content-disposition: attachment; filename="myapp-1.2.3.pkg"; filename*=UTF-8''"myapp-1.2.3.pkg"
+ # Then the encoded_filename will come back as the empty string, in which case we should fall back to the
+ # `filename` parameter.
+ if encoding && encoded_filename.present?
+ filename = URI.decode_www_form_component(encoded_filename).encode(encoding)
+ end
 end
 # Servers may include '/' in their Content-Disposition filename header. Take only the basename of this, because:
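Review bot: The new guard hardens only half of the server-supplied pair: `encoded_filename` is checked with `.present?`, but `encoding` is still tested for plain truthiness, and an empty string is truthy in Ruby. A `filename*` value that begins with `''` (no charset label) therefore still reaches `.encode(encoding)` with `""`, which would likely raise instead of falling back to the `filename` parameter as the new comment intends. I would write the condition as `if encoding.present? && encoded_filename.present?`. The charset label is remote-controlled, so an unrecognised name presumably fails in `encode` the same way. Whether the caller rescues that is not visible here, because the enclosing method starts and ends outside the hunk.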