#10296: Unescaped output from FileField.url
------------------------------------------+---------------------------------
 Reporter:  masklinn                      |       Owner:  nobody    
   Status:  new                           |   Milestone:            
Component:  File uploads/storage          |     Version:  1.0       
 Keywords:  filefield url escaping quote  |       Stage:  Unreviewed
Has_patch:  1                             |  
------------------------------------------+---------------------------------
 {{{FileField.url}}} doesn't escape its output, resulting in validation
 errors if the URL contains spaces and breakages if it contains non-ASCII
 characters or {{{?}}}.

 This is related to #5160, basically the same bug using the old
 {{{FileField}}} and the {{{get_FOO_url}}} method.

 The patch attached fixes the issue, but is fairly hacky in that
 {{{self.storage.url}}} returns the complete URL (including scheme and
 netloc) so {{{:}}} has to be ignored on top of {{{/}}}. It would be nice to
 use {{{urllib.urlsplit}}} and escape only the {{{path}}}, but that breaks in
 case there's a {{{?}}} in the file path.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/10296>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
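
Added example (not part of the ticket or its attached patch): a Python 3 sketch of the two approaches the description compares, written against `urllib.parse`. The function names and the `media.example.com` URLs are constructed for illustration.

```python
from urllib.parse import quote, unquote, urlsplit, urlunsplit

# Constructed sample: what a storage backend might return for an upload
# named "my report?.pdf" (space and '?' in the file name).
SAMPLE_URL = "http://media.example.com/uploads/my report?.pdf"
SAMPLE_NON_ASCII = "http://media.example.com/uploads/café menu.pdf"


def quote_whole_url(url):
    """Quote the complete URL, leaving only '/' and ':' unescaped.

    ':' must stay safe because the scheme (and any port) is part of the
    string. '?' is escaped, so it stays part of the file name.
    """
    return quote(url, safe="/:")


def quote_path_only(url):
    """Split the URL first, then quote only the path component.

    urlsplit() treats the first '?' as the query delimiter, so a '?' in
    the file name cuts the path short before quoting ever happens.
    """
    parts = urlsplit(url)
    return urlunsplit(parts._replace(path=quote(parts.path, safe="/")))


def decoded_path(url):
    """Path a server would resolve for this URL, percent-decoded."""
    return unquote(urlsplit(url).path)


if __name__ == "__main__":
    for label, fn in (("whole URL", quote_whole_url),
                      ("path only", quote_path_only)):
        out = fn(SAMPLE_URL)
        print(f"{label:10} {out}  ->  file path {decoded_path(out)!r}")
    print(quote_whole_url(SAMPLE_NON_ASCII))
```

Quoting the whole string also escapes `%`, `&` and `=`, so it only suits storage URLs that are not already percent-encoded and carry no query string of their own.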