id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
21668	"Invalid upload_to FileField attribute results in hard-to-debug ""Bad Request"" 400 error."	Sam Thompson	ANUBHAV JOSHI	"It's admirable that django tries to prevent files from being uploaded outside of MEDIA_ROOT.  However, the documentation for file uploads (https://docs.djangoproject.com/en/dev/topics/http/file-uploads/) doesn't make this requirement clear, and getting it wrong results in several layers of useful error messages getting eaten by a generic message instead.

It starts with django.utils._os.safe_join raising a ValueError if the upload_to path isn't within MEDIA_ROOT.  This has a useful message payload showing both paths and why the exception happened.  This message isn't logged.

However, django.core.files.storage.FileSystemStorage.path immediately catches that exception, eats the message, and raises a much more generic SuspiciousFileOperation, containing the desired path but no explanation of what went wrong.

Finally, django.core.handlers.base.BaseHandler.get_response catches that SuspiciousOperation, logs the message (good if you have logging turned on, which many users do not), eats the exception and returns a 400 response instead.  

All the user sees is ""400 Bad Request"", no traceback and certainly not the original and useful ValueError message."	Cleanup/optimization	closed	Documentation	dev	Normal	fixed		Tim Graham	Accepted	0	0	0	0	0	0