fix(uploads): ugly filenames on uploaded asset downloading

During regular processing, a timestamp is prepended to the filename
for any uploaded files. We don't want this to be part of the filename
if an end-user elects to download the file.

This commit adds a middleware to strip out that portion of the
basename and adds the appropriate Content-Disposition header for
files in /uploads/files

Fixes #6953

src/middleware/index.js

@@ -28,6 +28,10 @@ var delayCache = LRU({
 
 var middleware = module.exports;
 
+middleware.regexes = {
+	timestampedUpload: /^\d+-.+$/,
+};
+
 middleware.applyCSRF = csrf();
 
 middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login');
@@ -218,3 +222,14 @@ middleware.buildSkinAsset = function (req, res, next) {
 		setImmediate(next);
 	}
 };
+
+middleware.trimUploadTimestamps = (req, res, next) => {
+	// Check match
+	let basename = path.basename(req.path);
+	if (req.path.startsWith('/uploads/files/') && middleware.regexes.timestampedUpload.test(basename)) {
+		basename = basename.slice(14);
+		res.header('Content-Disposition', 'inline; filename="' + basename + '"');
+	}
+
+	return next();
+};