[network/dom] Improve sanitization of download filenames.

author: Moonchild <moonchild@palemoon.org> 2020-07-29 01:21:13 +0000
committer: Moonchild <moonchild@palemoon.org> 2020-07-29 01:21:13 +0000
commit: 3b0123aa12675decc11332704997e29a819eb8ff (patch)
tree: fca56977877dae912f340f41ae12d828c7d17d68 /uriloader
parent: 08fb2f306856948ecc71974dd98c0a6d78df25aa (diff)
download: UXP-3b0123aa12675decc11332704997e29a819eb8ff.tar
UXP-3b0123aa12675decc11332704997e29a819eb8ff.tar.gz
UXP-3b0123aa12675decc11332704997e29a819eb8ff.tar.lz
UXP-3b0123aa12675decc11332704997e29a819eb8ff.tar.xz
UXP-3b0123aa12675decc11332704997e29a819eb8ff.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp
index 49a54ea5f..0ca3d7edf 100644
--- a/uriloader/exthandler/nsExternalHelperAppService.cpp
+++ b/uriloader/exthandler/nsExternalHelperAppService.cpp
@@ -1181,9 +1181,12 @@ nsExternalAppHandler::nsExternalAppHandler(nsIMIMEInfo * aMIMEInfo,
     mTempFileExtension = char16_t('.');
   AppendUTF8toUTF16(aTempFileExtension, mTempFileExtension);
 
-  // replace platform specific path separator and illegal characters to avoid any confusion
-  mSuggestedFileName.ReplaceChar(KNOWN_PATH_SEPARATORS FILE_ILLEGAL_CHARACTERS, '_');
-  mTempFileExtension.ReplaceChar(KNOWN_PATH_SEPARATORS FILE_ILLEGAL_CHARACTERS, '_');
+  // Replace platform specific path separator and illegal characters to avoid any confusion
+  mSuggestedFileName.ReplaceChar(KNOWN_PATH_SEPARATORS, '_');
+  mSuggestedFileName.ReplaceChar(FILE_ILLEGAL_CHARACTERS, ' ');
+  mSuggestedFileName.ReplaceChar(char16_t(0), '_');
+  mTempFileExtension.ReplaceChar(KNOWN_PATH_SEPARATORS, '_');
+  mTempFileExtension.ReplaceChar(FILE_ILLEGAL_CHARACTERS, ' ');
 
   // Remove unsafe bidi characters which might have spoofing implications (bug 511521).
   const char16_t unsafeBidiCharacters[] = {
author	Moonchild <moonchild@palemoon.org>	2020-07-29 01:21:13 +0000
committer	Moonchild <moonchild@palemoon.org>	2020-07-29 01:21:13 +0000
commit	3b0123aa12675decc11332704997e29a819eb8ff (patch)
tree	fca56977877dae912f340f41ae12d828c7d17d68 /uriloader
parent	08fb2f306856948ecc71974dd98c0a6d78df25aa (diff)
download	UXP-3b0123aa12675decc11332704997e29a819eb8ff.tar UXP-3b0123aa12675decc11332704997e29a819eb8ff.tar.gz UXP-3b0123aa12675decc11332704997e29a819eb8ff.tar.lz UXP-3b0123aa12675decc11332704997e29a819eb8ff.tar.xz UXP-3b0123aa12675decc11332704997e29a819eb8ff.zip