Changeset - 8993d401575b
Parent rev.
Child rev.
[Not reviewed]
stable
0 1 0
Mads Kiilerich (mads) - 4 years ago 2022-02-07 19:07:08
mads@kiilerich.com
Grafted from: e7930d122a44
files: fix raw download of repo files with names with unicode points above 256 in name

Raw download had apparently only been tested with non-ascii characters that
were latin1. That was apparently a (too) simple case that worked without
crashing.

Files with unicode code points above 256 in their name would fail to download,
when Waitress failed like this, trying to get a real byte string by encoding
WSGI headers to latin1:
UnicodeEncodeError: 'latin-1' codec can't encode characters in position 84-85: ordinal not in range(256)

HTTP headers are of course byte strings on the network, but Python3 WSGI does
unfortunately neither expose it as bytes nor as unicode strings to be encoded
as utf-8. Instead, it uses unicode strings with byte values encoded as code
points 0-255. That is achieved by decoding the utf-8 encoded bytes as latin1.

For raw downloads, the recommended download filename is provided in the
Content-Disposition header. The problem is that it was provided as a real
unicode string.

Fixed by applying the "proper" latin1-decoding of a utf8-encoding.
1 file changed with 2 insertions and 2 deletions:
kallithea/controllers/files.py
2
2
0 comments (0 inline, 0 general)
kallithea/controllers/files.py
Show inline comments
 
@@ -41,13 +41,13 @@ from webob.exc import HTTPFound, HTTPNot
 
import kallithea
 
import kallithea.lib.helpers as h
 
from kallithea.controllers import base
 
from kallithea.lib import diffs, webutils
 
from kallithea.lib.auth import HasRepoPermissionLevelDecorator, LoginRequired
 
from kallithea.lib.exceptions import NonRelativePathError
 
from kallithea.lib.utils2 import asbool, convert_line_endings, detect_mode, safe_str
 
from kallithea.lib.utils2 import asbool, convert_line_endings, detect_mode, safe_bytes, safe_str
 
from kallithea.lib.vcs.backends.base import EmptyChangeset
 
from kallithea.lib.vcs.conf import settings
 
from kallithea.lib.vcs.exceptions import (ChangesetDoesNotExistError, ChangesetError, EmptyRepositoryError, ImproperArchiveTypeError, NodeAlreadyExistsError,
 
                                          NodeDoesNotExistError, NodeError, RepositoryError, VCSError)
 
from kallithea.lib.vcs.nodes import FileNode
 
from kallithea.lib.vcs.utils import author_email
 
@@ -230,13 +230,13 @@ class FilesController(base.BaseRepoContr
 
    @HasRepoPermissionLevelDecorator('read')
 
    def rawfile(self, repo_name, revision, f_path):
 
        cs = self.__get_cs(revision)
 
        file_node = self.__get_filenode(cs, f_path)
 

			




	
	
	
		
 
        response.content_disposition = \

			




	
	
	
		
 
            'attachment; filename=%s' % f_path.split(kallithea.URL_SEP)[-1]

			




	
	
	
		
 
            'attachment; filename=%s' % safe_bytes(f_path.split(kallithea.URL_SEP)[-1]).decode('latin1')

			




	
	
	
		
 

			




	
	
	
		
 
        response.content_type = file_node.mimetype

			




	
	
	
		
 
        return file_node.content

			




	
	
	
		
 

			




	
	
	
		
 
    @LoginRequired(allow_default_user=True)

			




	
	
	
		
 
    @HasRepoPermissionLevelDecorator('read')

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: clio-30922
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.
            – Support