From 92a69bddce10da92a6a418f08c134ebdd6217ca4 Mon Sep 17 00:00:00 2001
From: rinpatch
Date: Tue, 12 Mar 2019 09:21:13 +0300
Subject: [PATCH] escape quotation marks in Content-Disposition header
---
 lib/pleroma/plugs/uploaded_media.ex | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/pleroma/plugs/uploaded_media.ex b/lib/pleroma/plugs/uploaded_media.ex
index 15f447ded..bc913f408 100644
--- a/lib/pleroma/plugs/uploaded_media.ex
+++ b/lib/pleroma/plugs/uploaded_media.ex
@@ -27,6 +27,8 @@ def call(%{request_path: <<"/", @path, "/", file::binary>>} = conn, opts) do
 conn =
 case fetch_query_params(conn) do
 %{query_params: %{"name" => name}} = conn ->
+ name = String.replace(name, "\"", "\\\"")
+
 conn
 |> put_resp_header("Content-Disposition", "filename=\"#{name}\"")
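Review bot: The added `String.replace(name, "\"", "\\\"")` escapes the double quote but not the backslash, so the quoted-string escaping is incomplete. A backslash already present in the `name` query parameter pairs with the backslash this line inserts, and the quote after it is read as the end of the filename value again. Escape the backslash first and the quote second: `name = name |> String.replace("\\", "\\\\") |> String.replace("\"", "\\\"")`. A short comment above it, such as `# quoted-string escaping: backslash first, then the double quote`, would keep the order from being swapped later. The body of `call/2` continues outside the hunk, so how the header is treated further down cannot be checked from here.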