/** * Returns Content-Disposition header value that is safe to use with both old and new browsers * * Fallback name: * * - Causes issues if contains non-ASCII characters with codes less than 32 or more than 126. * - Causes issues if contains urlencoded characters (starting with `%`) or `%` character. Some browsers interpret * `filename="X"` as urlencoded name, some don't. * - Causes issues if contains path separator characters such as `\` or `/`. * - Since value is wrapped with `"`, it should be escaped as `\"`. * - Since input could contain non-ASCII characters, fallback is obtained by transliteration. * * UTF name: * * - Causes issues if contains path separator characters such as `\` or `/`. * - Should be urlencoded since headers are ASCII-only. * - Could be omitted if it exactly matches fallback name. * * @param string $disposition * @param string $attachmentName * @return string * * @since 2.0.10 */ protected function getDispositionHeaderValue($disposition, $attachmentName) { $fallbackName = str_replace('"', '\\"', str_replace(['%', '/', '\\'], '_', Inflector::transliterate($attachmentName, Inflector::TRANSLITERATE_LOOSE))); $utfName = rawurlencode(str_replace(['%', '/', '\\'], '', $attachmentName)); $dispositionHeader = "{$disposition}; filename=\"{$fallbackName}\""; if ($utfName !== $fallbackName) { $dispositionHeader .= "; filename*=utf-8''{$utfName}"; } return $dispositionHeader; }