[wp-trac] [WordPress Trac] #38231: Allow download_url to respect content-disposition header
WordPress Trac
noreply at wordpress.org
Wed Oct 13 20:34:58 UTC 2021
#38231: Allow download_url to respect content-disposition header
--------------------------------------+------------------------------
Reporter: cklosows | Owner: johnjamesjacoby
Type: enhancement | Status: assigned
Priority: normal | Milestone: 5.9
Component: HTTP API | Version: 4.7
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+------------------------------
Comment (by johnjamesjacoby):
[https://core.trac.wordpress.org/attachment/ticket/38231/38231.3.diff
38231.3.diff] confirms (with unit tests) that:
* `wp_tempnam()` prevents path traversal
* single, double, and no quotes all work
* both `filename=` and `filename*=` now supported
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38231#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list