Opened 8 weeks ago
Last modified 7 weeks ago
#63384 new defect (bug)
Content-Disposition 'inline' filenames not respected by download_url()
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 5.9 |
| Component: | General | Keywords: | |
| Focuses: | Cc: |
Description
# Content-Disposition 'inline' filename extraction not working in download_url()
The download_url() function successfully extracts filenames from Content-Disposition headers when they use the 'attachment' directive (e.g., Content-Disposition: attachment; filename="xyz.png"). However, the function fails to extract filenames when the 'inline' directive is used (e.g., Content-Disposition: inline; filename="abc.jpg"). This inconsistency means filenames are only properly captured with the 'attachment' directive but are ignored when using 'inline'.
https://lh3.googleusercontent.com/a/ACg8ocIsaU5KyoziSpU_mP5OpE-dzbmc8hoyOEXemog5RopRRoqTz2Y=s96-c
Example URL:
<?php File: src/wp-admin/includes/file.php 1221: 1222: if ( str_starts_with( $content_disposition, 'attachment; filename=' ) ) { 1223: $tmpfname_disposition = sanitize_file_name( substr( $content_disposition, 21 ) ); 1224: } else { 1225: $tmpfname_disposition = ''; 1226: }
Attachments (1)
Change History (3)
Note: See
TracTickets for help on using
tickets.
This seems to be a duplicate of #63015? #60788 is also an interesting question...