From 5bafae0f6757e0152a970afa8618e926cb10896a Mon Sep 17 00:00:00 2001
From: Kenichi Ishigaki <ishigaki@cpan.org>
Date: Sat, 3 May 2025 16:42:31 +0900
Subject: [PATCH 1/2] Set content_disposition and content_type headers before
 serving a generated YAML file

---
 lib/pause_2017/PAUSE/Web/Plugin/RenderYAML.pm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/pause_2017/PAUSE/Web/Plugin/RenderYAML.pm b/lib/pause_2017/PAUSE/Web/Plugin/RenderYAML.pm
index 3d3ad3078..e1c2bec14 100644
--- a/lib/pause_2017/PAUSE/Web/Plugin/RenderYAML.pm
+++ b/lib/pause_2017/PAUSE/Web/Plugin/RenderYAML.pm
@@ -12,6 +12,9 @@ sub register {
     local $YAML::Syck::ImplicitUnicode = 1;
     my $dump = YAML::Syck::Dump($data);
     my $edump = Encode::encode_utf8($dump);
+    my $action = $c->req->param('ACTION') || 'pause';
+    $c->res->headers->content_disposition("attachment; filename=$action.yaml");
+    $c->res->headers->content_type('application/yaml');
     $c->stash(format => "text");
     $c->render(text => $edump);
     return;

From af66c894194cfa032119febfe1ddf1706c48aae3 Mon Sep 17 00:00:00 2001
From: Kenichi Ishigaki <ishigaki@cpan.org>
Date: Sat, 3 May 2025 17:21:39 +0900
Subject: [PATCH 2/2] Remove unexpected characters from the action

---
 lib/pause_2017/PAUSE/Web/Plugin/RenderYAML.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/pause_2017/PAUSE/Web/Plugin/RenderYAML.pm b/lib/pause_2017/PAUSE/Web/Plugin/RenderYAML.pm
index e1c2bec14..9eaab624a 100644
--- a/lib/pause_2017/PAUSE/Web/Plugin/RenderYAML.pm
+++ b/lib/pause_2017/PAUSE/Web/Plugin/RenderYAML.pm
@@ -13,6 +13,7 @@ sub register {
     my $dump = YAML::Syck::Dump($data);
     my $edump = Encode::encode_utf8($dump);
     my $action = $c->req->param('ACTION') || 'pause';
+    $action =~ tr/a-z0-9_//cd;
     $c->res->headers->content_disposition("attachment; filename=$action.yaml");
     $c->res->headers->content_type('application/yaml');
     $c->stash(format => "text");