Unescaped output from FileField.url
|Reported by:||masklinn||Owned by:||nobody|
|Severity:||Keywords:||filefield url escaping quote|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
FileField.url doesn't escape its output, resulting in validation errors if the URL contains spaces and breakages if it contains non-ascii characters or ?.
This is related to #5160 basically the same bug using the old FileField and the get_FOO_url method.
The patch attached fixes the issue, but is fairly hacky in that self.storage.url returns the complete url (including scheme and netloc) so : has to be ignored on top of /. It would be nice to use urllib.urlsplit and escape only the path, but that breaks in case there's a ? in the file path.