#10412 closed defect (fixed)
"Download in other formats: Plain Text" link at the bottom of this site wiki pages does not work in Firefox 7.0.1
| Reported by: | Owned by: | Remy Blank | |
|---|---|---|---|
| Priority: | high | Milestone: | 0.12.3 |
| Component: | wiki system | Version: | |
| Severity: | major | Keywords: | wiki, plain text |
| Cc: | miked@… | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
and in SeaMonkey 2.4.1 too
the error message is "Corrupted Content Error"
Attachments (2)
Change History (12)
by , 13 years ago
| Attachment: | Clipboard01.png added |
|---|
by , 13 years ago
| Attachment: | Clipboard02.png added |
|---|
comment:1 by , 13 years ago
| Milestone: | → 0.12.3 |
|---|---|
| Owner: | set to |
comment:2 by , 13 years ago
| Priority: | normal → high |
|---|---|
| Severity: | normal → major |
And indeed, we are sending duplicate headers:
$ wget -S "http://trac.edgewall.org/wiki/WikiStart?format=txt" --2011-10-15 09:18:30-- http://trac.edgewall.org/wiki/WikiStart?format=txt Resolving trac.edgewall.org (trac.edgewall.org)... 78.47.205.98 Connecting to trac.edgewall.org (trac.edgewall.org)|78.47.205.98|:80... connected. HTTP request sent, awaiting response... HTTP/1.0 200 OK Connection: keep-alive Content-Disposition: attachment; x=y Content-Disposition: filename=WikiStart.txt Content-Type: text/plain;charset=utf-8 Content-Length: 4949 Set-Cookie: trac_session=96eb54ece2c7b1245c5141cb; expires=Fri, 13-Jan-2012 07:18:30 GMT; Path=/ Date: Sat, 15 Oct 2011 07:18:30 GMT Server: lighttpd/1.4.19 Length: 4949 (4,8K) [text/plain] Saving to: “WikiStart?format=txt” 100%[======================================>] 4.949 --.-K/s in 0,03s 2011-10-15 09:18:30 (155 KB/s) - “WikiStart?format=txt” saved [4949/4949]
The "x=y" looks weird.
comment:3 by , 13 years ago
Indeed, some weird workaround for some version of Safari: r5274. That was 4 years ago, probably not worth keeping any longer.
That x=y itself probably came at some point from http://greenbytes.de/tech/tc2231/#attmissingdisposition2 …
follow-up: 6 comment:4 by , 13 years ago
The issue should be fixed with [10832]. That changeset also fixes all Content-Disposition headers with a filename to use content_disposition() to ensure proper escaping.
There is a small behavior change, though: now, the "download as plain text" link will display the text in the browser, instead of forcing a download. The user can still save the text with "Save Page as…". I could restore the previous behavior, but I'm not sure we want that. For comparison, we don't force a download for any of the other conversions (CSV, TSV, SQL), it just so happens that the file extension triggers the download (at least in Firefox).
So, should I force the download?
comment:5 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Bah, probably not. Let's close this.
comment:6 by , 12 years ago
Sorry about my reply to a year old ticket.
Replying to rblank:
So, should I force the download?
Yes, we should force at least Internet Explorer to download.
The reason is the same as…
- Always send "Content-Disposition: attachment" headers where potentially unsafe (user provided) content is available for download. This behaviour can be altered using the "render_unsafe_content" option in the "attachment" and "browser" sections of trac.ini.
- Fixed XSS vulnerability in "download wiki page as text" in combination with Microsoft IE.
comment:7 by , 12 years ago
Too bad, I actually liked the possibility to view text files in the browser. Oh well…
Looks good, please apply!
comment:9 by , 12 years ago
Sorry if this is unrelated but Seamonkey 2.4.1?
At http://www.seamonkey-project.org/ the latest version is 2.12.1, but I found this page from Nov. 2011: http://www.seamonkey-project.org/releases/seamonkey2.4/
Can someone explain that to me?
comment:10 by , 12 years ago
| Cc: | added |
|---|
Can you please try one of the other major browsers (IE, Opera, Chrome, Safari)?
I have found this:
It's even in the release notes:
So I guess we'll need to look through our headers.