From 0f18e4afe51214f20d5afbd0ebdc239ad74a9dee Mon Sep 17 00:00:00 2001 From: Marijn Doeve Date: Wed, 1 Jul 2026 22:33:16 +0200 Subject: [PATCH] Use HeaderUtils::makeDisposition() for safe Content-Disposition filename --- src/Controller/Backoffice/BackofficeController.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Controller/Backoffice/BackofficeController.php b/src/Controller/Backoffice/BackofficeController.php index 164e9f4..4c0a0b6 100644 --- a/src/Controller/Backoffice/BackofficeController.php +++ b/src/Controller/Backoffice/BackofficeController.php @@ -6,6 +6,7 @@ namespace Tvdt\Controller\Backoffice; use Doctrine\ORM\EntityManagerInterface; use Symfony\Bundle\SecurityBundle\Security; +use Symfony\Component\HttpFoundation\HeaderUtils; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\StreamedResponse; @@ -93,7 +94,7 @@ final class BackofficeController extends AbstractController { $response = new StreamedResponse($this->excel->quizToXlsx($quiz)); $response->headers->set('Content-Type', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'); - $response->headers->set('Content-Disposition', 'attachment; filename="'.$quiz->name.'.xlsx"'); + $response->headers->set('Content-Disposition', HeaderUtils::makeDisposition(HeaderUtils::DISPOSITION_ATTACHMENT, $quiz->name.'.xlsx')); return $response; }