Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-58155

QWebEngineDownloadItem::path() is percent-encoded

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.7.1
    • Fix Version/s: 5.9.0 Beta 2
    • Component/s: WebEngine
    • Labels:
      None

      Description

      When downloading a file named "foo bar" from a server, QWebEngineDownloadItem::path() ends with "foo%20bar". Meanwhile, Chromium/Firefox save that file as "foo bar".

      When a server sends a Content-Disposition header with filename=foo%20bar, this should be saved as "foo%20bar", and the path is also "foo%20bar" - that means when attempting to percent-decode the value we got, a website can write arbitary files by passing a filename like "..%2F.profile" (which is what happened with at least two QtWebEngine projects).

        Attachments

        For Gerrit Dashboard: QTBUG-58155
        # Subject Branch Project Status CR V

          Activity

            People

            Assignee:
            allan.jensen Allan Sandfeld Jensen
            Reporter:
            the compiler Florian Bruhin
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes