Use basename for file in content-disposition (#4713)

Author: HazAT

src/sentry/api/endpoints/release_file_details.py

@@ -1,4 +1,5 @@
 from __future__ import absolute_import
+import posixpath
 
 from rest_framework import serializers
 from rest_framework.response import Response
@@ -79,7 +80,7 @@ def download(self, releasefile):
             content_type=file.headers.get('content-type', 'application/octet-stream'),
         )
         response['Content-Length'] = file.size
-        response['Content-Disposition'] = "attachment; filename=%s" % releasefile.name
+        response['Content-Disposition'] = 'attachment; filename="%s"' % posixpath.basename(releasefile.name)
         return response
 
     @attach_scenarios([retrieve_file_scenario])

tests/sentry/api/endpoints/test_release_file_details.py

@@ -80,7 +80,7 @@ def test_file_download(self):
 
         response = self.client.get(url + '?download=1')
         assert response.status_code == 200, response.content
-        assert response.get('Content-Disposition') == "attachment; filename=http://example.com/application.js"
+        assert response.get('Content-Disposition') == 'attachment; filename="application.js"'
         assert response.get('Content-Length') == six.text_type(f.size)
         assert response.get('Content-Type') == 'application/octet-stream'
         assert 'File contents here' == BytesIO(b"".join(response.streaming_content)).getvalue()