Opened 17 years ago
Closed 17 years ago
#10296 closed (duplicate)
Unescaped output from FileField.url
| Reported by: | Masklinn | Owned by: | nobody |
|---|---|---|---|
| Component: | File uploads/storage | Version: | 1.0 |
| Severity: | | Keywords: | filefield url escaping quote |
| Cc: | | Triage Stage: | Unreviewed |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
FileField.url doesn't escape its output, resulting in validation errors if the URL contains spaces and breakages if it contains non-ASCII characters or ?.
This is related to #5160, basically the same bug using the old FileField and the get_FOO_url method.
The patch attached fixes the issue, but is fairly hacky in that self.storage.url returns the complete url (including scheme and netloc) so : has to be ignored on top of /. It would be nice to use urllib.urlsplit and escape only the path, but that breaks in case there's a ? in the file path.
Attachments (1)
Change History (2)
by , 17 years ago
| Attachment: | files.diff added |
|---|
comment:1 by , 17 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
Duplicate of #5160
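
The escaping options weighed in the description, as an added example that is neither Django's code nor the attached patch. It uses Python 3's `urllib.parse`; the base URL, file names and function names are constructed for illustration.

```python
from urllib.parse import quote, unquote, urlsplit, urlunsplit

BASE_URL = "http://media.example.com/uploads/"  # constructed storage base URL
NAMES = ["annual report.pdf", "résumé.pdf", "what now?.txt"]  # constructed file names


def unescaped(name, base_url=BASE_URL):
    """The reported behaviour: the stored name is appended as-is."""
    return base_url + name


def quote_whole_url(name, base_url=BASE_URL):
    """Quote the complete URL, leaving "/" and ":" alone (the trade-off the
    description mentions; this is a reading of it, not the attached patch)."""
    return quote(base_url + name, safe="/:")


def quote_split_path(name, base_url=BASE_URL):
    """Split first, then quote only the path. A "?" in the file name is
    taken as the start of the query string, so the name is cut short."""
    parts = urlsplit(base_url + name)
    return urlunsplit(parts._replace(path=quote(parts.path, safe="/")))


def quote_name_then_join(name, base_url=BASE_URL):
    """Quote the file name before it is joined to the base URL."""
    return base_url + quote(name, safe="/")


def requested_path(url):
    """Path a server would resolve for this URL, after percent-decoding."""
    return unquote(urlsplit(url).path)


if __name__ == "__main__":
    for name in NAMES:
        for build in (unescaped, quote_whole_url, quote_split_path, quote_name_then_join):
            url = build(name)
            print(f"{build.__name__:22} {url}  ->  {requested_path(url)}")
```

Quoting the whole URL only gives the right result while the base URL itself contains no query string or existing percent-escapes, since those characters would be escaped as well; quoting the name before joining avoids that dependency.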