kallithea Changeset - 8993d401575b

Changeset - 8993d401575b

Parent rev.

Child rev.

[Not reviewed]

stable

0 1 0

Mads Kiilerich (mads) - 4 years ago 2022-02-07 19:07:08
mads@kiilerich.com

Grafted from: e7930d122a44

files: fix raw download of repo files with names with unicode points above 256 in name

Raw download had apparently only been tested with non-ascii characters that
were latin1. That was apparently a (too) simple case that worked without
crashing.

Files with unicode code points above 256 in their name would fail to download,
when Waitress failed like this, trying to get a real byte string by encoding
WSGI headers to latin1:
UnicodeEncodeError: 'latin-1' codec can't encode characters in position 84-85: ordinal not in range(256)

HTTP headers are of course byte strings on the network, but Python3 WSGI does
unfortunately neither expose it as bytes nor as unicode strings to be encoded
as utf-8. Instead, it uses unicode strings with byte values encoded as code
points 0-255. That is achieved by decoding the utf-8 encoded bytes as latin1.

For raw downloads, the recommended download filename is provided in the
Content-Disposition header. The problem is that it was provided as a real
unicode string.

Fixed by applying the "proper" latin1-decoding of a utf8-encoding.

1 file changed with 2 insertions and 2 deletions:

kallithea/controllers/files.py

0 comments (0 inline, 0 general)

kallithea/controllers/files.py

➞

Show inline comments

@@ @@ -35,25 +35,25 @@ from collections import OrderedDict @@
 from tg import request, response
 from tg import tmpl_context as c
 from tg.i18n import ugettext as _
 from webob.exc import HTTPFound, HTTPNotFound
 import kallithea
 import kallithea.lib.helpers as h
 from kallithea.controllers import base
 from kallithea.lib import diffs, webutils
 from kallithea.lib.auth import HasRepoPermissionLevelDecorator, LoginRequired
 from kallithea.lib.exceptions import NonRelativePathError
 from kallithea.lib.utils2 import asbool, convert_line_endings, detect_mode, safe_str
+from kallithea.lib.utils2 import asbool, convert_line_endings, detect_mode, safe_bytes, safe_str
 from kallithea.lib.vcs.backends.base import EmptyChangeset
 from kallithea.lib.vcs.conf import settings
 from kallithea.lib.vcs.exceptions import (ChangesetDoesNotExistError, ChangesetError, EmptyRepositoryError, ImproperArchiveTypeError, NodeAlreadyExistsError,
                                           NodeDoesNotExistError, NodeError, RepositoryError, VCSError)
 from kallithea.lib.vcs.nodes import FileNode
 from kallithea.lib.vcs.utils import author_email
 from kallithea.lib.webutils import url
 from kallithea.model import userlog
 from kallithea.model.repo import RepoModel
 from kallithea.model.scm import ScmModel
@@ @@ -224,25 +224,25 @@ class FilesController(base.BaseRepoContr @@
             c.authors = []
             for a in set([x.author for x in _hist]):
                 c.authors.append((author_email(a), h.person(a)))
             return base.render('files/files_history_box.html')
     @LoginRequired(allow_default_user=True)
     @HasRepoPermissionLevelDecorator('read')
     def rawfile(self, repo_name, revision, f_path):
         cs = self.__get_cs(revision)
         file_node = self.__get_filenode(cs, f_path)
         response.content_disposition = \
             'attachment; filename=%s' % f_path.split(kallithea.URL_SEP)[-1]
+            'attachment; filename=%s' % safe_bytes(f_path.split(kallithea.URL_SEP)[-1]).decode('latin1')
         response.content_type = file_node.mimetype
         return file_node.content
     @LoginRequired(allow_default_user=True)
     @HasRepoPermissionLevelDecorator('read')
     def raw(self, repo_name, revision, f_path):
         cs = self.__get_cs(revision)
         file_node = self.__get_filenode(cs, f_path)
         raw_mimetype_mapping = {
             # map original mimetype to a mimetype used for "show as raw"

0 comments (0 inline, 0 general)