sanitized file names for download

irontec · Apr 3, 2024 · b754427 · b754427
1 parent 901f8e7
commit b754427
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/Symfony/Controller/DownloadAction.php b/Symfony/Controller/DownloadAction.php
@@ -122,11 +122,20 @@ private function createDownloadResponse(
 
         $disposition = $response->headers->makeDisposition(
             $forceDownload ? ResponseHeaderBag::DISPOSITION_ATTACHMENT : ResponseHeaderBag::DISPOSITION_INLINE,
-            $fileName
+            $this->sanitizeFileName($fileName)
         );
         $response->headers->set('Content-Disposition', $disposition);
         $response->headers->set('Content-Type', $mimeType ?: 'application/octet-stream');
 
         return $response;
     }
+
+    private function sanitizeFileName(string $fileName): string
+    {
+        return str_replace(
+            ' ',
+            '_',
+            $fileName
+        );
+    }
 }