Opened 16 years ago
Closed 16 years ago
#10296 closed (duplicate)
Unescaped output from FileField.url
Reported by: | Masklinn | Owned by: | nobody |
---|---|---|---|
Component: | File uploads/storage | Version: | 1.0 |
Severity: | Keywords: | filefield url escaping quote | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
FileField.url
doesn't escape its output, resulting in validation errors if the URL contains spaces and breakages if it contains non-ascii characters or ?
.
This is related to #5160 basically the same bug using the old FileField
and the get_FOO_url
method.
The patch attached fixes the issue, but is fairly hacky in that self.storage.url returns the complete url (including scheme and netloc) so :
has to be ignored on top of /
. It would be nice to use urllib.urlsplit
and escape only the path
, but that breaks in case there's a ?
in the file path.
Attachments (1)
Change History (2)
by , 16 years ago
Attachment: | files.diff added |
---|
comment:1 by , 16 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
Duplicate of #5160