From a72d7f57f3c7373c8805c18536bb98742d624661 Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Tue, 6 Feb 2024 15:45:02 +0100 Subject: [PATCH 1/6] bump reva Signed-off-by: Christian Richter --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7ba7837ae00..59f83d8b8e2 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/blevesearch/bleve/v2 v2.3.10 github.com/coreos/go-oidc/v3 v3.9.0 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 - github.com/cs3org/reva/v2 v2.18.1-0.20240205065033-2c21ada2ae52 + github.com/cs3org/reva/v2 v2.18.1-0.20240206122233-bf89f7aaedd1 github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25 github.com/disintegration/imaging v1.6.2 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e diff --git a/go.sum b/go.sum index 80a34ec6ab9..70eddac6860 100644 --- a/go.sum +++ b/go.sum @@ -1019,8 +1019,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c= github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY= -github.com/cs3org/reva/v2 v2.18.1-0.20240205065033-2c21ada2ae52 h1:Jeh8q6WKl4gcK7GMayn56y1uxbw91XvyuZcvY7SiDRk= -github.com/cs3org/reva/v2 v2.18.1-0.20240205065033-2c21ada2ae52/go.mod h1:GCN3g6uYE0Nvd31dGlhaGGyUviUfbG2NkecPRv5oSc4= +github.com/cs3org/reva/v2 v2.18.1-0.20240206122233-bf89f7aaedd1 h1:74SlyiFIUYcTvSFaEyeyABg3nuiDko91ve0fE++t87s= +github.com/cs3org/reva/v2 v2.18.1-0.20240206122233-bf89f7aaedd1/go.mod h1:GCN3g6uYE0Nvd31dGlhaGGyUviUfbG2NkecPRv5oSc4= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= From b802a1848ff1816dc062f9880f978fdef1e77bee Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Tue, 6 Feb 2024 15:45:13 +0100 Subject: [PATCH 2/6] update testsuite Signed-off-by: Christian Richter --- .../features/coreApiVersions/fileVersions.feature | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/acceptance/features/coreApiVersions/fileVersions.feature b/tests/acceptance/features/coreApiVersions/fileVersions.feature index 9658d6f6117..56e1180aa35 100644 --- a/tests/acceptance/features/coreApiVersions/fileVersions.feature +++ b/tests/acceptance/features/coreApiVersions/fileVersions.feature @@ -163,13 +163,13 @@ Feature: dav-versions Then the HTTP status code should be "200" And the following headers should be set | header | value | - | Content-Disposition | attachment; filename*=UTF-8''textfile0.txt; filename="textfile0.txt" | + | Content-Disposition | attachment; filename*=UTF-8''"textfile0.txt"; filename="textfile0.txt" | And the downloaded content should be "version 1" When user "Alice" downloads the version of file "textfile0.txt" with the index "2" Then the HTTP status code should be "200" And the following headers should be set | header | value | - | Content-Disposition | attachment; filename*=UTF-8''textfile0.txt; filename="textfile0.txt" | + | Content-Disposition | attachment; filename*=UTF-8''"textfile0.txt"; filename="textfile0.txt" | And the downloaded content should be "uploaded content" @skipOnStorage:ceph @skipOnStorage:scality @@ -182,13 +182,13 @@ Feature: dav-versions Then the HTTP status code should be "200" And the following headers should be set | header | value | - | Content-Disposition | attachment; filename*=UTF-8''textfile0.txt; filename="textfile0.txt" | + | Content-Disposition | attachment; filename*=UTF-8''"textfile0.txt"; filename="textfile0.txt" | And the downloaded content should be "version 2" When user "Alice" downloads the version of file "textfile0.txt" with the index "2" Then the HTTP status code should be "200" And the following headers should be set | header | value | - | Content-Disposition | attachment; filename*=UTF-8''textfile0.txt; filename="textfile0.txt" | + | Content-Disposition | attachment; filename*=UTF-8''"textfile0.txt"; filename="textfile0.txt" | And the downloaded content should be "uploaded content" From 41b33d53f24204fa111f4ce5c5635f53de01c57c Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Tue, 6 Feb 2024 15:48:22 +0100 Subject: [PATCH 3/6] vendor reva Signed-off-by: Christian Richter --- .../v2/internal/http/services/owncloud/ocdav/net/builders.go | 2 +- .../internal/http/services/owncloud/ocdav/propfind/propfind.go | 1 + vendor/modules.txt | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/net/builders.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/net/builders.go index 0498072b6c3..be7b8fdeecf 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/net/builders.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/net/builders.go @@ -27,7 +27,7 @@ import ( // ContentDispositionAttachment builds a ContentDisposition Attachment header with various filename encodings func ContentDispositionAttachment(filename string) string { - return "attachment; filename*=UTF-8''" + filename + "; filename=\"" + filename + "\"" + return "attachment; filename*=UTF-8''\"" + filename + "\"; filename=\"" + filename + "\"" } // RFC1123Z formats a CS3 Timestamp to be used in HTTP headers like Last-Modified diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/propfind/propfind.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/propfind/propfind.go index fc5764738e9..027f8c73b16 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/propfind/propfind.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/propfind/propfind.go @@ -579,6 +579,7 @@ func (p *Handler) getResourceInfos(ctx context.Context, w http.ResponseWriter, r // adjust path info.Path = filepath.Join(spacePath, spaceRef.Path) + info.Name = filepath.Base(info.Path) spaceMap[info] = spaceData{Ref: spaceRef, SpaceType: space.SpaceType} diff --git a/vendor/modules.txt b/vendor/modules.txt index 7850ae139b8..9ebb835c7e8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -362,7 +362,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.18.1-0.20240205065033-2c21ada2ae52 +# github.com/cs3org/reva/v2 v2.18.1-0.20240206122233-bf89f7aaedd1 ## explicit; go 1.21 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime From afd4d54869bfaa08dadf47fc875273034e2215b0 Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Tue, 6 Feb 2024 15:51:23 +0100 Subject: [PATCH 4/6] add changelog Signed-off-by: Christian Richter --- .../unreleased/bump-reva-for-content-disposition-header.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 changelog/unreleased/bump-reva-for-content-disposition-header.md diff --git a/changelog/unreleased/bump-reva-for-content-disposition-header.md b/changelog/unreleased/bump-reva-for-content-disposition-header.md new file mode 100644 index 00000000000..5c2cdbd7e3a --- /dev/null +++ b/changelog/unreleased/bump-reva-for-content-disposition-header.md @@ -0,0 +1,7 @@ +Bugfix: Fix Content-Deposition header for downloads + +We have fixed a bug that caused downloads to fail on Chromebased browsers when the filename contained special characters. + +https://github.com/owncloud/ocis/pull/8381 +https://github.com/owncloud/ocis/issues/8361 +https://github.com/cs3org/reva/pull/4498 From ee533d55cdff7ab976fb895b35b395cffca59035 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Wed, 7 Feb 2024 09:23:50 +0545 Subject: [PATCH 5/6] Update downloadFile feature for expected Content-Disposition --- .../features/coreApiWebdavOperations/downloadFile.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature b/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature index 34b7be65f03..7c5eb31bc0c 100644 --- a/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature +++ b/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature @@ -269,7 +269,7 @@ Feature: download file Then the HTTP status code should be "200" And the following headers should be set | header | value | - | Content-Disposition | attachment; filename*=UTF-8''welcome.txt; filename="welcome.txt" | + | Content-Disposition | attachment; filename*=UTF-8''"welcome.txt"; filename="welcome.txt" | | Content-Security-Policy | default-src 'none'; | | X-Content-Type-Options | nosniff | | X-Download-Options | noopen | From 1a0568ce5f2d020dcaecd0c906bd23509fc74264 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Wed, 7 Feb 2024 10:09:26 +0545 Subject: [PATCH 6/6] Fix typo in changelog --- .../unreleased/bump-reva-for-content-disposition-header.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog/unreleased/bump-reva-for-content-disposition-header.md b/changelog/unreleased/bump-reva-for-content-disposition-header.md index 5c2cdbd7e3a..c87050ef27d 100644 --- a/changelog/unreleased/bump-reva-for-content-disposition-header.md +++ b/changelog/unreleased/bump-reva-for-content-disposition-header.md @@ -1,4 +1,4 @@ -Bugfix: Fix Content-Deposition header for downloads +Bugfix: Fix Content-Disposition header for downloads We have fixed a bug that caused downloads to fail on Chromebased browsers when the filename contained special characters.