[allura] branch master updated: [#8500] fix etag header so its always latin1 (or ascii) no unicode

Tue, 28 Feb 2023 08:47:50 -0800 

This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git


The following commit(s) were added to refs/heads/master by this push:
     new b261e35a6 [#8500] fix etag header so its always latin1 (or ascii) no 
unicode
b261e35a6 is described below

commit b261e35a67d4f98867b49a3d2d4f62c95bac8545
Author: Dave Brondsema <[email protected]>
AuthorDate: Tue Feb 28 11:47:34 2023 -0500

    [#8500] fix etag header so its always latin1 (or ascii) no unicode
---
 Allura/allura/lib/utils.py                   | 3 ++-
 Allura/allura/tests/model/test_filesystem.py | 8 ++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py
index 33f4b9e83..496ecf101 100644
--- a/Allura/allura/lib/utils.py
+++ b/Allura/allura/lib/utils.py
@@ -519,7 +519,8 @@ def serve_file(fp, filename, content_type, 
last_modified=None,
                cache_expires=None, size=None, embed=True, etag=None):
     '''Sets the response headers and serves as a wsgi iter'''
     if not etag and filename and last_modified:
-        etag = f'{filename}?{last_modified}'
+        # must be latin1, no unicode
+        etag = filename.encode("latin1", "backslashreplace").decode() + 
f'?{last_modified}'
     if etag:
         etag_cache(etag)
     tg.response.headers['Content-Type'] = ''
diff --git a/Allura/allura/tests/model/test_filesystem.py 
b/Allura/allura/tests/model/test_filesystem.py
index 5d2c11580..2efbff0c8 100644
--- a/Allura/allura/tests/model/test_filesystem.py
+++ b/Allura/allura/tests/model/test_filesystem.py
@@ -130,7 +130,9 @@ class TestFile(TestCase):
                 patch('allura.lib.utils.tg.response', Response()) as response, 
\
                 patch('allura.lib.utils.etag_cache') as etag_cache:
             response_body = list(f.serve())
-            etag_cache.assert_called_once_with('{}?{}'.format(f.filename, 
f._id.generation_time))
+            etag_val = etag_cache.call_args[0][0]
+            etag_val.encode('latin1')  # ensure it is all latin1 and OK for a 
http header (no unicode!)
+            assert etag_val == '{}?{}'.format(r'te s\u0b6e1.txt', 
f._id.generation_time)
             assert [b'test1'] == response_body
             assert response.content_type == f.content_type
             assert 'Content-Disposition' not in response.headers
@@ -142,7 +144,9 @@ class TestFile(TestCase):
                 patch('allura.lib.utils.tg.response', Response()) as response, 
\
                 patch('allura.lib.utils.etag_cache') as etag_cache:
             response_body = list(f.serve(embed=False))
-            etag_cache.assert_called_once_with('{}?{}'.format(f.filename, 
f._id.generation_time))
+            etag_val = etag_cache.call_args[0][0]
+            etag_val.encode('latin1')  # ensure it is all latin1 and OK for a 
http header (no unicode!)
+            assert etag_val == '{}?{}'.format(r'te s\u0b6e1.txt', 
f._id.generation_time)
             assert [b'test1'] == response_body
             assert response.content_type == f.content_type
             assert response.headers['Content-Disposition'] == 
'attachment;filename="te%20s%E0%AD%AE1.txt"'

Reply via email to