]> BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/Controller.php
projects / bookstack / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Added ability to escape role "External Auth ID" commas
[bookstack] / app / Http / Controllers / Controller.php
diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php
index 4c979c26a1ac1526f46e9afcf37d9414fb2e5dd9..c00ac938bdae2b56586d4d97bc74820cd5b7bbd5 100644 (file)
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
@@ -116,7 +116,7 @@ abstract class Controller extends BaseController
     {
         return response()->make($content, 200, [
             'Content-Type'           => 'application/octet-stream',
-            'Content-Disposition'    => 'attachment; filename="' . $fileName . '"',
+            'Content-Disposition'    => 'attachment; filename="' . str_replace('"', '', $fileName) . '"',
             'X-Content-Type-Options' => 'nosniff',
         ]);
     }
@@ -126,13 +126,18 @@ abstract class Controller extends BaseController
      */
     protected function streamedDownloadResponse($stream, string $fileName): StreamedResponse
     {
-        return response()->stream(function() use ($stream) {
-            ob_end_clean();
+        return response()->stream(function () use ($stream) {
+            // End & flush the output buffer otherwise we still seem to use memory.
+            // Ignore in testing since output buffers are used to gather a response.
+            if (!app()->runningUnitTests()) {
+                ob_end_clean();
+            }
+
             fpassthru($stream);
             fclose($stream);
         }, 200, [
             'Content-Type'           => 'application/octet-stream',
-            'Content-Disposition'    => 'attachment; filename="' . $fileName . '"',
+            'Content-Disposition'    => 'attachment; filename="' . str_replace('"', '', $fileName) . '"',
             'X-Content-Type-Options' => 'nosniff',
         ]);
     }
@@ -147,7 +152,7 @@ abstract class Controller extends BaseController
 
         return response()->make($content, 200, [
             'Content-Type'           => $mime,
-            'Content-Disposition'    => 'inline; filename="' . $fileName . '"',
+            'Content-Disposition'    => 'inline; filename="' . str_replace('"', '', $fileName) . '"',
             'X-Content-Type-Options' => 'nosniff',
         ]);
     }
@@ -162,13 +167,13 @@ abstract class Controller extends BaseController
         $sniffContent = fread($stream, 1000);
         $mime = (new WebSafeMimeSniffer())->sniff($sniffContent);
 
-        return response()->stream(function() use ($sniffContent, $stream) {
-           echo $sniffContent;
-           fpassthru($stream);
-           fclose($stream);
+        return response()->stream(function () use ($sniffContent, $stream) {
+            echo $sniffContent;
+            fpassthru($stream);
+            fclose($stream);
         }, 200, [
             'Content-Type'           => $mime,
-            'Content-Disposition'    => 'inline; filename="' . $fileName . '"',
+            'Content-Disposition'    => 'inline; filename="' . str_replace('"', '', $fileName) . '"',
             'X-Content-Type-Options' => 'nosniff',
         ]);
     }
The core source code for the BookStack project.