[bug] Sanitize Content-Disposition in downloadFile; For bug 76325

Sergey Konovalov
2025-08-13 00:59:41 +03:00
parent 0a2f5abfc7
commit 53235a602c


@ -1774,6 +1774,10 @@ exports.downloadFile = function(req, res) {
const downloadResult = yield utils.downloadUrlPromise(ctx, url, tenDownloadTimeout, tenDownloadMaxBytes, authorization, isInJwtToken, headers, true);
const response = downloadResult.response;
stream = downloadResult.stream;
// Sanitize Content-Disposition by removing control chars (prevents CRLF/header injection)
if (response.headers['content-disposition']) {
response.headers['content-disposition'] = response.headers['content-disposition'].replace(/[\x00-\x1F\x7F]/g, '');
}
//Set-Cookie resets browser session
delete response.headers['set-cookie'];
// Set the response headers to match the target response
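Review bot: The new sanitization on the `content-disposition` line strips CR/LF and other control characters, but the value that survives is still whatever the upstream server sent, so an `inline` disposition or an upstream-chosen filename is forwarded to the browser unchanged; if the proxied body is then rendered inline under this service's origin (HTML, SVG) that is a content-injection risk the control-character filter does not cover. If inline viewing is not a requirement here, consider normalising the disposition type as well, e.g. `.replace(/[\x00-\x1F\x7F]/g, '').replace(/^\s*inline\b/i, 'attachment')`, or re-emitting a fixed `attachment; filename="..."` built from a validated filename rather than passing the upstream value through. The comment on the last line says the remaining headers are copied from the target response; if that copy is a plain loop over `response.headers` (it lies outside the hunk), every other forwarded header value carries the same control-character concern, so the stripping belongs in that loop or a shared helper rather than being special-cased for one header. Node's http `setHeader` already rejects header values containing CR/LF, so in practice this check avoids a thrown error and a 500 on the download path more than it prevents injection, which is worth stating in the comment, e.g. `// Strip control chars: keeps a malformed upstream header from making setHeader throw and guards against CRLF injection`. The body of `downloadFile` begins and ends outside this hunk.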