Fix escaping for video filenames

author: Omar Roth <omarroth@hotmail.com> 2019-02-28 21:29:01 -0600
committer: Omar Roth <omarroth@hotmail.com> 2019-02-28 21:29:01 -0600
commit: ea52c05f0505cd0881766dd1ef3efbae4a892d89 (patch)
tree: 3549b5293cd9439393ab61d8aa9efdaecad94738
parent: 2a643e86bc094c74550f079f4b75f043eaecd36a (diff)
download: invidious-ea52c05f0505cd0881766dd1ef3efbae4a892d89.tar.gz
invidious-ea52c05f0505cd0881766dd1ef3efbae4a892d89.tar.bz2
invidious-ea52c05f0505cd0881766dd1ef3efbae4a892d89.zip
2 files changed, 5 insertions, 4 deletions
diff --git a/src/invidious.cr b/src/invidious.cr
index 189c256b..e4712d5d 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -4002,7 +4002,8 @@ get "/videoplayback" do |env|
     env.response.status_code = response.status_code
 
     if title = env.params.query["title"]?
-      env.response.headers["Content-Disposition"] = "attachment; filename=\"#{title}\""
+      # https://blog.fastmail.com/2011/06/24/download-non-english-filenames/
+      env.response.headers["Content-Disposition"] = "attachment; filename=\"#{URI.escape(title)}\"; filename*=UTF-8''#{URI.escape(title)}"
     end
 
     response.headers.each do |key, value|
diff --git a/src/invidious/views/watch.ecr b/src/invidious/views/watch.ecr
index 8f52d2d2..39c46d2e 100644
--- a/src/invidious/views/watch.ecr
+++ b/src/invidious/views/watch.ecr
@@ -59,17 +59,17 @@
                     <label for="download_widget"><%= translate(locale, "Download as: ") %></label>
                     <select style="width:100%" name="download_widget" id="download_widget">
                     <% video_streams.each do |option| %>
-                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= HTML.escape(video.title) %>-<%= video.id %>.mp4"}'>
+                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= URI.escape(video.title) %>-<%= video.id %>.mp4"}'>
                             <%= option["quality_label"] %> - <%= option["type"].split(";")[0] %> @ <%= option["fps"] %>fps - video only
                         </option>
                     <% end %>
                     <% audio_streams.each do |option| %>
-                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= HTML.escape(video.title) %>-<%= video.id %>.mp4"}'>
+                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= URI.escape(video.title) %>-<%= video.id %>.mp4"}'>
                             <%= option["type"].split(";")[0] %> @ <%= option["bitrate"] %>k - audio only
                         </option>
                     <% end %>
                     <% fmt_stream.each do |option| %>
-                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= HTML.escape(video.title) %>-<%= video.id %>.mp4"}'>
+                        <option value='{"id":"<%= video.id %>","itag":"<%= option["itag"] %>","title":"<%= URI.escape(video.title) %>-<%= video.id %>.mp4"}'>
                             <%= itag_to_metadata?(option["itag"]).try &.["height"]? || "~240" %>p - <%= option["type"].split(";")[0] %>
                         </option>
                     <% end %>
author	Omar Roth <omarroth@hotmail.com>	2019-02-28 21:29:01 -0600
committer	Omar Roth <omarroth@hotmail.com>	2019-02-28 21:29:01 -0600
commit	ea52c05f0505cd0881766dd1ef3efbae4a892d89 (patch)
tree	3549b5293cd9439393ab61d8aa9efdaecad94738
parent	2a643e86bc094c74550f079f4b75f043eaecd36a (diff)
download	invidious-ea52c05f0505cd0881766dd1ef3efbae4a892d89.tar.gz invidious-ea52c05f0505cd0881766dd1ef3efbae4a892d89.tar.bz2 invidious-ea52c05f0505cd0881766dd1ef3efbae4a892d89.zip