From a443ef3ac98bbbec5fa9131c5ad84988c95f34bf Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Nov 18 2017 18:27:31 +0000
Subject: Fixes for binary files


- Doubly ensure that we don't let the user try to edit a binary file
- Add a `Content-Disposition` header when viewing binary files

Inspired from https://pagure.io/fork/stbuehler/pagure/c/e5263d9daee21f7dde3d3cc02f6d481452f1b019

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>

---

diff --git a/pagure/ui/repo.py b/pagure/ui/repo.py
index 86ae659..aa20dc7 100644
--- a/pagure/ui/repo.py
+++ b/pagure/ui/repo.py
@@ -484,6 +484,7 @@ def view_file(repo, identifier, filename, username=None, namespace=None):
     readme = None
     safe = False
     readme_ext = None
+    headers = {}
 
     if isinstance(content, pygit2.Blob):
         rawtext = str(flask.request.args.get('text')).lower() in ['1', 'true']
@@ -553,7 +554,8 @@ def view_file(repo, identifier, filename, username=None, namespace=None):
                 readme_ext = ext
         output_type = 'tree'
 
-    headers = {}
+    if output_type == 'binary':
+        headers['Content-Disposition'] = 'attachment'
 
     return (
         flask.render_template(
@@ -2216,7 +2218,13 @@ def edit_file(repo, branchname, filename, username=None, namespace=None):
         if is_binary_string(content.data):
             flask.abort(400, 'Cannot edit binary files')
 
-        data = repo_obj[content.oid].data.decode('utf-8')
+        try:
+            data = repo_obj[content.oid].data.decode('utf-8')
+        except UnicodeDecodeError:  # pragma: no cover
+            # In theory we shouldn't reach here since we check if the file
+            # is binary with `is_binary_string()` above
+            flask.abort(400, 'Cannot edit binary files')
+
     else:
         data = form.content.data.decode('utf-8')