[Catalyst] Re: Catalyst::Response - send a file

Wade.Stuart at fallon.com Wade.Stuart at fallon.com
Thu Aug 21 21:37:15 BST 2008


Aristotle Pagaltzis <pagaltzis at gmx.de> wrote on 08/20/2008 04:12:18 PM:

> * Wade.Stuart at fallon.com <Wade.Stuart at fallon.com> [2008-08-20 17:55]:
> > Aristotle Pagaltzis <pagaltzis at gmx.de> wrote on 08/19/2008 04:39:55 PM:
> > > * Wade.Stuart at fallon.com <Wade.Stuart at fallon.com> [2008-08-19 21:55]:
> > > > $c->response->headers->header('Content-disposition:' => "attachment; filename=$filename" );
> > >
> > > You forgot
> > >
> > >     $filename =~ s!"!\\"!g;
> >
> > Yes, I usually sanitize and escape outside of that block --
> > good catch.
>
> I prefer to do this kind of encode/decode stuff at the boundaries
> of the code. It is hard to keep track of how the data is encoded
> and who is responsible for what kind of transformation at what
> time when you don't do it that way. The particular case of these
> filenames is probably not too difficult because you probably
> aren't going to be doing a whole lot with them anyway, but still,
> I prefer to push encoding and decoding to the boundaries as a
> general principle so I can never forget to take it into account
> in the middle of the system.

I should have been more concise; I mean outside of that block of lines
(not elsewhere in the app logic). I just copied the bunch o header setting
lines I used from my send file code...

>
> PS.: I missed the fact that that should of course also be
> accompanied by always quoting the filename (which presumably in
> your own code is also happening elsewhere):
>
>     $filename =~ s!"!\\"!g;
>     $c->res->header( 'Content-Disposition' => qq[attachment; filename="$filename"] );
>

No, I have not quoted the filename. I have to look at the RFC further,
but all my testing has shown it to work without the quotes...



> Regards,
> --
> Aristotle Pagaltzis // <http://plasmasturm.org/>
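The quoting discussed in this thread, as an added example that is not code from either poster or from Catalyst. It goes beyond the one-line escape in the thread: it also escapes backslashes, strips control characters so a filename cannot break out of the header, and adds the RFC 6266 `filename*` form for non-ASCII names. The helper name `content_disposition` and the sample filenames are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: content_disposition() is a hypothetical helper name.
use strict;
use warnings;
use Encode qw(encode);

sub content_disposition {
    my ($name) = @_;    # $name is a Perl character string, not bytes

    # Remove all control characters, CR and LF included, so the value
    # cannot terminate the header line and start a new one.
    $name =~ s/[\x00-\x1f\x7f]//g;
    $name = 'download' if $name eq '';

    # ASCII fallback for the quoted-string form: replace non-ASCII
    # characters, then escape backslash and double quote as quoted-pairs.
    # Backslash must be escaped too, or a trailing "\" would swallow
    # the closing quote.
    (my $ascii = $name) =~ s/[^\x20-\x7e]/_/g;
    $ascii =~ s/(["\\])/\\$1/g;
    my $value = qq[attachment; filename="$ascii"];

    # Non-ASCII names also get the RFC 6266 / RFC 5987 extended form:
    # UTF-8 bytes, percent-encoded outside a conservative safe set.
    if ($name =~ /[^\x20-\x7e]/) {
        my $bytes = encode('UTF-8', $name);
        $bytes =~ s/([^A-Za-z0-9._~-])/sprintf '%%%02X', ord $1/ge;
        $value .= qq[; filename*=UTF-8''$bytes];
    }
    return $value;
}

# Constructed sample inputs: plain, embedded quotes, trailing backslash,
# a CR/LF header-injection attempt, and a non-ASCII name.
for my $f ('report.pdf', 'a "quoted" name.txt', 'odd\\',
           "notes.txt\r\nSet-Cookie: x=1", "r\x{e9}sum\x{e9}.pdf") {
    print content_disposition($f), "\n";
}

# In a Catalyst action the call would look like:
#   $c->res->header( 'Content-Disposition' => content_disposition($filename) );
```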