OO-5193: in forums, encode the file name in links

src/main/java/org/olat/core/gui/render/velocity/VelocityRenderDecorator.java

@@ -645,6 +645,10 @@ public class VelocityRenderDecorator implements Closeable {
 	public String encodeUrl(String url) {
 		return renderer.getUrlBuilder().encodeUrl(url);
 	}
+	
+	public String encodeUrlPathSegment(String path) {
+		return StringHelper.encodeUrlPathSegment(path);
+	}
 
 
 	/**escapes " entities in \"

src/main/java/org/olat/core/util/StringHelper.java

@@ -30,6 +30,7 @@ import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.io.Writer;
 import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.text.DateFormat;
 import java.text.DecimalFormat;
 import java.text.DecimalFormatSymbols;
@@ -54,6 +55,7 @@ import org.olat.core.util.filter.FilterFactory;
 import org.olat.core.util.filter.impl.HtmlScanner;
 import org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter;
 import org.olat.user.UserManager;
+import org.springframework.web.util.UriUtils;
 
 import com.thoughtworks.xstream.core.util.Base64Encoder;
 
@@ -456,6 +458,10 @@ public class StringHelper {
 			log.error("Error escaping JavaScript", e);
 		}
 	}
+	
+	public static final String encodeUrlPathSegment(String path) {
+		return UriUtils.encodePathSegment(path, StandardCharsets.UTF_8);
+	}
 
 	/**
 	 * @param cellValue

src/main/java/org/olat/modules/fo/ui/_content/threadview.html

@@ -168,7 +168,7 @@
 			#foreach($attachment in $message.attachments)
 				#set($fname = $attachment.getName())
 				<li class="o_attachment">
-					<a href="$r.commandURI("attachment_${foreach.count}_${message.key}")$fname" target="_blank">
+					<a href="$r.commandURI("attachment_${foreach.count}_${message.key}")$r.encodeUrlPathSegment($fname)" target="_blank">
 						<div class="o_filename">$r.escapeHtml($fname)</div>
 						<div class="o_size">
 							<i class="o_icon o_icon-fw $r.getFiletypeIconCss($fname)"></i>