Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#15181 closed (fixed)

FileSystemStorage generates wrong URL when path contains special characters

Reported by: e.generalov Owned by: nobody
Component: File uploads/storage Version: master
Severity: Keywords:
Cc: paulegan@… Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

I have a model with models.FileField and admin interface. When I upload any file that contains special characters in the name (for example test#12.jpg), then I can't to download it by link in the admin change form.

There is a bug in the FileSystemStorage URL generation algorithm. This doesn't escapes special characters. Therefore the '/media/test#12.jpg' URL is produced and browser treats #12.jpg as a fragment part.

I notice same bug in the https://github.com/sorl/sorl-thumbnail/blob/legacy/sorl/thumbnail/main.py#L96 too, where iri_to_uri() is used for filepath-to-uri convertion (this method gives a wrong result too).
Therefore I suggest to place such function in the django core (see the patch).

Attachments (1)

filepath_to_uri.patch (3.2 KB) - added by e.generalov 5 years ago.

Download all attachments as: .zip

Change History (8)

Changed 5 years ago by e.generalov

comment:1 Changed 5 years ago by anonymous

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Ready for checkin

comment:2 Changed 5 years ago by jezdez

  • Triage Stage changed from Ready for checkin to Accepted

Please don't set the triage stage to RFC as an anonymous user.

comment:3 Changed 5 years ago by russellm

  • Triage Stage changed from Accepted to Ready for checkin

Sorry - that was me.

comment:4 Changed 5 years ago by russellm

  • Resolution set to fixed
  • Status changed from new to closed

In [15409]:

Fixed #15181 -- Ensure that special characters are escaped when querying for the URL of an uploaded file. Thanks to e.generalov for the report and patch.

comment:5 Changed 5 years ago by russellm

In [15410]:

[1.2.X] Fixed #15181 -- Ensure that special characters are escaped when querying for the URL of an uploaded file. Thanks to e.generalov for the report and patch.

Backport of r15409 from trunk.

comment:6 Changed 5 years ago by paulegan

  • Cc paulegan@… added

NB: This change means that URLs stored in FileFields or ImageFields using the default storage are now handled differently.

Previously:

>>> from django.core.files.storage import DefaultStorage, settings
>>> settings.configure(MEDIA_URL='http://localhost')
>>> DefaultStorage().url('http://media/test')
'http://media/test'

Now:

>>> from django.core.files.storage import DefaultStorage, settings
>>> settings.configure(MEDIA_URL='http://localhost')
>>> DefaultStorage().url('http://media/test')
'http://localhost/http%3A//media/test'

comment:7 Changed 5 years ago by russellm

@paulegan: For future reference, regressions should be opened as a new ticket, not as continuing discussion on a closed ticket. I've opened #15521 to track this.

Note: See TracTickets for help on using tickets.
Back to Top