| 82 | * @ticket 38231 |
| 83 | * @dataProvider data_download_url_filename_from_content_disposition_header |
| 84 | */ |
| 85 | public function test_download_url_filename_from_content_disposition_header( $filter ) { |
| 86 | add_filter( 'pre_http_request', array( $this, $filter ), 10, 3 ); |
| 87 | |
| 88 | $filename = download_url( 'url_with_content_disposition_header' ); |
| 89 | $this->assertMatchesRegularExpression( '/filename-from-content-disposition-header/', $filename ); |
| 90 | $this->assertFileExists( $filename ); |
| 91 | $this->unlink( $filename ); |
| 92 | |
| 93 | remove_filter( 'pre_http_request', array( $this, $filter ) ); |
| 94 | } |
| 95 | |
| 96 | public function data_download_url_filename_from_content_disposition_header() { |
| 97 | return array( |
| 98 | 'quotes' => array( '_fake_download_url_with_content_disposition_header' ), |
| 99 | 'no quotes' => array( '_fake_download_url_with_content_disposition_header_without_quotes' ), |
| 100 | 'asterisk' => array( '_fake_download_url_with_content_disposition_header_with_asterisk' ), |
| 101 | 'path traversal' => array( '_fake_download_url_with_content_disposition_header_with_path_traversal' ), |
| 102 | ); |
| 103 | } |
| 104 | |
| 105 | public function _fake_download_url_with_content_disposition_header( $response, $args, $url ) { |
| 106 | return array( |
| 107 | 'response' => array( |
| 108 | 'code' => 200, |
| 109 | ), |
| 110 | 'headers' => array( |
| 111 | 'content-disposition' => 'filename="filename-from-content-disposition-header.txt"', |
| 112 | ), |
| 113 | ); |
| 114 | } |
| 115 | |
| 116 | public function _fake_download_url_with_content_disposition_header_without_quotes( $response, $args, $url ) { |
| 117 | return array( |
| 118 | 'response' => array( |
| 119 | 'code' => 200, |
| 120 | ), |
| 121 | 'headers' => array( |
| 122 | 'content-disposition' => 'filename=filename-from-content-disposition-header.txt', |
| 123 | ), |
| 124 | ); |
| 125 | } |
| 126 | |
| 127 | public function _fake_download_url_with_content_disposition_header_with_asterisk( $response, $args, $url ) { |
| 128 | return array( |
| 129 | 'response' => array( |
| 130 | 'code' => 200, |
| 131 | ), |
| 132 | 'headers' => array( |
| 133 | 'content-disposition' => 'filename*="filename-from-content-disposition-header.txt"', |
| 134 | ), |
| 135 | ); |
| 136 | } |
| 137 | |
| 138 | public function _fake_download_url_with_content_disposition_header_with_path_traversal( $response, $args, $url ) { |
| 139 | return array( |
| 140 | 'response' => array( |
| 141 | 'code' => 200, |
| 142 | ), |
| 143 | 'headers' => array( |
| 144 | 'content-disposition' => 'filename="../../filename-from-content-disposition-header.txt"', |
| 145 | ), |
| 146 | ); |
| 147 | } |
| 148 | |
| 149 | /** |