From 70cbf251f127998420c0ff18af51477d09fc95d2 Mon Sep 17 00:00:00 2001
From: Giedrius Slavinskas <giedrius@inovera.lt>
Date: Wed, 31 Oct 2012 17:53:10 +0200
Subject: [PATCH] [FIX] escape returned database backup and exported data
 filenames

bzr revid: giedrius@inovera.lt-20121031155310-htyh0qdvsxudnm59
---
 addons/web/controllers/main.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/addons/web/controllers/main.py b/addons/web/controllers/main.py
index 26ab732118f..ad8d91ed1dd 100644
--- a/addons/web/controllers/main.py
+++ b/addons/web/controllers/main.py
@@ -855,7 +855,7 @@ class Database(openerpweb.Controller):
             }
             return req.make_response(db_dump,
                [('Content-Type', 'application/octet-stream; charset=binary'),
-               ('Content-Disposition', 'attachment; filename="' + filename + '"')],
+               ('Content-Disposition', content_disposition(filename, req))],
                {'fileToken': int(token)}
             )
         except xmlrpclib.Fault, e:
@@ -1864,7 +1864,8 @@ class Export(View):
 
 
         return req.make_response(self.from_data(columns_headers, import_data),
-            headers=[('Content-Disposition', 'attachment; filename="%s"' % self.filename(model)),
+            headers=[('Content-Disposition',
+                            content_disposition(self.filename(model), req)),
                      ('Content-Type', self.content_type)],
             cookies={'fileToken': int(token)})