Sanitize 0x7F in Content-Disposition filename (#47549)

amcasey · web-flow · commit cb71b0015bca · 2023-04-04T00:04:26.000Z
* Sanitize 0x7F in Content-Disposition filename We were using the ASCII boundaries, but it looks like we should have been using the ISO-8859 boundaries. Fixes #47027 * Update GetHeaderValue_Produces_Correct_ContentDisposition baseline
diff --git a/src/Http/Headers/src/ContentDispositionHeaderValue.cs b/src/Http/Headers/src/ContentDispositionHeaderValue.cs
@@ -509,7 +509,7 @@ private static StringSegment Sanitize(StringSegment input)
             for (int i = 0; i < result.Length; i++)
             {
                 var c = result[i];
-                if ((int)c > 0x7f || (int)c < 0x20)
+                if ((int)c >= 0x7f || (int)c < 0x20)
                 {
                     c = '_'; // Replace out-of-range characters
                 }
@@ -530,12 +530,12 @@ private static bool IsQuoted(StringSegment value)
             && value.EndsWith("\"", StringComparison.Ordinal);
     }
 
-    // tspecials are required to be in a quoted string.  Only non-ascii needs to be encoded.
+    // tspecials are required to be in a quoted string.  Only non-ascii and control characters need to be encoded.
     private static bool RequiresEncoding(StringSegment input)
     {
         Contract.Assert(input != null);
 
-        return input.AsSpan().IndexOfAnyExceptInRange((char)0x20, (char)0x7f) >= 0;
+        return input.AsSpan().IndexOfAnyExceptInRange((char)0x20, (char)0x7e) >= 0;
     }
 
     // Encode using MIME encoding
diff --git a/src/Http/Headers/test/ContentDispositionHeaderValueTest.cs b/src/Http/Headers/test/ContentDispositionHeaderValueTest.cs
@@ -238,11 +238,16 @@ public void FileNameStar_UnknownOrBadEncoding_PropertyFails()
     [InlineData("FileName.bat", "FileName.bat")]
     [InlineData("FileÃName.bat", "File_Name.bat")]
     [InlineData("File\nName.bat", "File_Name.bat")]
+    [InlineData("File\x19Name.bat", "File_Name.bat")]
+    [InlineData("File\x20Name.bat", "File\x20Name.bat")] // First unsanitized
+    [InlineData("File\x7eName.bat", "File\x7eName.bat")] // Last unsanitized
+    [InlineData("File\x7fName.bat", "File_Name.bat")]
     public void SetHttpFileName_ShouldSanitizeFileNameWhereNeeded(string httpFileName, string expectedFileName)
     {
         var contentDisposition = new ContentDispositionHeaderValue("inline");
         contentDisposition.SetHttpFileName(httpFileName);
         Assert.Equal(expectedFileName, contentDisposition.FileName);
+        Assert.Equal(httpFileName, contentDisposition.FileNameStar); // Should roundtrip through FileNameStar encoding
     }
 
     [Fact]
diff --git a/src/Mvc/Mvc.Core/test/FileResultHelperTest.cs b/src/Mvc/Mvc.Core/test/FileResultHelperTest.cs
@@ -198,7 +198,7 @@ public static TheoryData<string, string> ContentDispositionControlCharactersData
                 data.Add(char.ConvertFromUtf32(i), $"attachment; filename=_; filename*=UTF-8''%{i:X2}");
             }
 
-            data.Add(char.ConvertFromUtf32(127), $"attachment; filename=\"{char.ConvertFromUtf32(127)}\"; filename*=UTF-8''%7F");
+            data.Add(char.ConvertFromUtf32(127), $"attachment; filename=_; filename*=UTF-8''%7F");
 
             return data;
         }

Original file line number	Diff line number	Diff line change
`@@ -509,7 +509,7 @@ private static StringSegment Sanitize(StringSegment input)`
`509`	`509`	`for (int i = 0; i < result.Length; i++)`
`510`	`510`	`{`
`511`	`511`	`var c = result[i];`
`512`		`- if ((int)c > 0x7f \|\| (int)c < 0x20)`
	`512`	`+ if ((int)c >= 0x7f \|\| (int)c < 0x20)`
`513`	`513`	`{`
`514`	`514`	`c = '_'; // Replace out-of-range characters`
`515`	`515`	`}`
`@@ -530,12 +530,12 @@ private static bool IsQuoted(StringSegment value)`
`530`	`530`	`&& value.EndsWith("\"", StringComparison.Ordinal);`
`531`	`531`	`}`
`532`	`532`
`533`		`- // tspecials are required to be in a quoted string. Only non-ascii needs to be encoded.`
	`533`	`+ // tspecials are required to be in a quoted string. Only non-ascii and control characters need to be encoded.`
`534`	`534`	`private static bool RequiresEncoding(StringSegment input)`
`535`	`535`	`{`
`536`	`536`	`Contract.Assert(input != null);`
`537`	`537`
`538`		`- return input.AsSpan().IndexOfAnyExceptInRange((char)0x20, (char)0x7f) >= 0;`
	`538`	`+ return input.AsSpan().IndexOfAnyExceptInRange((char)0x20, (char)0x7e) >= 0;`
`539`	`539`	`}`
`540`	`540`
`541`	`541`	`// Encode using MIME encoding`
Original file line number	Diff line number	Diff line change
`@@ -198,7 +198,7 @@ public static TheoryData<string, string> ContentDispositionControlCharactersData`
`198`	`198`	`data.Add(char.ConvertFromUtf32(i), $"attachment; filename=_; filename*=UTF-8''%{i:X2}");`
`199`	`199`	`}`
`200`	`200`
`201`		`- data.Add(char.ConvertFromUtf32(127), $"attachment; filename=\"{char.ConvertFromUtf32(127)}\"; filename*=UTF-8''%7F");`
	`201`	`+ data.Add(char.ConvertFromUtf32(127), $"attachment; filename=_; filename*=UTF-8''%7F");`
`202`	`202`
`203`	`203`	`return data;`
`204`	`204`	`}`