Commit 042f9da9 authored by Carsten  Rose's avatar Carsten Rose

Fixes F9686: html decode and sanitize an export filename to become the 'save as'-filename

parent b3b2d9b3
Pipeline #2839 passed with stages
in 2 minutes and 51 seconds
......@@ -28,6 +28,7 @@ use IMATHUZH\Qfq\Core\Helper\KeyValueStringParser;
use IMATHUZH\Qfq\Core\Helper\OnArray;
use IMATHUZH\Qfq\Core\Helper\Support;
use IMATHUZH\Qfq\Core\Helper\Token;
use IMATHUZH\Qfq\Core\Helper\Sanitize;
use IMATHUZH\Qfq\Core\Store\Sip;
use IMATHUZH\Qfq\Core\Store\Store;
......@@ -1525,6 +1526,12 @@ EOF;
private function buildDownload($vars, $value) {
// By default, qfq saves everything HTML encoded. E.g. in form ''' - decode them back to regual UTF-8 text.
$filename = html_entity_decode($vars[DOWNLOAD_EXPORT_FILENAME], ENT_QUOTES | ENT_XML1, 'UTF-8');
// Remove unsafe characters.
$vars[DOWNLOAD_EXPORT_FILENAME] = Sanitize::safeFilename($filename);
return $vars;
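Review bot: The value returned by `Sanitize::safeFilename($filename)` is stored back into `$vars[DOWNLOAD_EXPORT_FILENAME]` without checking that anything is left, so a name consisting only of rejected characters would presumably reach the download as an empty 'save as' name; a guard such as `if ($safe === '') { $safe = DEFAULT_NAME_PLACEHOLDER; }` (placeholder constant, project to choose) would cover that. `safeFilename()` is not visible in this hunk, so the `// Remove unsafe characters.` comment should state what it guarantees, for example `// Strips path separators, quotes and control characters (CR/LF) - the result is used as the 'save as' name.`, once that has been confirmed against the helper. Decoding before sanitising is the right order and should stay that way, since decoding afterwards could reintroduce characters the sanitiser removed. As far as I know `ENT_XML1` restricts `html_entity_decode()` to the XML entity set plus numeric references, so HTML named entities such as `&auml;` would pass through undecoded; that is fine if QFQ only ever stores values encoded with `htmlspecialchars()`, which is worth confirming. The body of `buildDownload()` starts and continues outside the lines shown.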