[wp-trac] [WordPress Trac] #38231: Allow download_url to respect content-disposition header

WordPress Trac noreply at wordpress.org
Wed May 26 15:21:44 UTC 2021 

#38231: Allow download_url to respect content-disposition header
--------------------------------------+------------------------------
 Reporter:  cklosows                  |       Owner:  johnjamesjacoby
     Type:  enhancement               |      Status:  assigned
 Priority:  normal                    |   Milestone:  5.9
Component:  HTTP API                  |     Version:  4.7
 Severity:  normal                    |  Resolution:
 Keywords:  has-patch has-unit-tests  |     Focuses:
--------------------------------------+------------------------------

Comment (by psrpinto):

 Thanks for the feedback @dd32! I agree with pretty much all your points so
 I've now refactored the code to reflect your suggested changes.

 Please do let me know if you have further suggestions, they will be very
 welcome and I will be happy to consider them.

 ----

 > What if the filename in the URL and in the Content-Disposition header
 match?

 Filenames are generated through `wp_tempnam()` so there can be no
 collisions, since that method makes sure the filename is unique. So even
 if the filename in the URL and in the Content-Disposition header are the
 same, the temporary files that are created will have unique names.

 ----

 Changes in [attachment:"38231.2.diff"]:

 - No longer check that `$content_disposition` is not empty before the call
 to `preg_match()`. If it is empty, it won't match, so that check is
 unnecessary. (`wp_remote_retrieve_header()` returns either a filename or
 an empty string).
 - Treat Content-Disposition as "progressive enhancement", falling back to
 original randomly-generated filename in case of error.
 - Support the case where the header contains no quotes: `Content-
 Disposition: filename=foo.txt`


 Changes in [attachment:"38231-tests.2.diff"]

 - Add test for the case where the header contains no quotes: `Content-
 Disposition: filename=foo.txt`

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/38231#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list