Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Werkzeug changed the behavior of url_quote in pallets/werkzeug@babfc93 Which appeared in Werkzeug 2.2.2 used in Debian Bookworm. This change broke at least the export feature in Odoo. In summary, the character set specified by [RFC5987] is more restricted than that of [RFC3986]. So url_quote now allows invalid characters. For example, a filename like `Journal Entry (account.move).xlsx` leads to a crash of the client with Werkzeug 2.2.2. url_quote is not really made to conform to [RFC6266] but we did not find any [RFC6266] escaping tool in the standard library. This commit explicitly specify as unsafe this list of chars. [RFC6266]: https://datatracker.ietf.org/doc/html/rfc6266/ [RFC5987]: https://datatracker.ietf.org/doc/html/rfc5987#section-3.2 [RFC3986]: https://datatracker.ietf.org/doc/html/rfc3986/ [RFC2616]: https://datatracker.ietf.org/doc/html/rfc2616#section-2 closes odoo#139483 X-original-commit: d145cb5 Signed-off-by: Julien Castiaux (juc) <juc@odoo.com> Signed-off-by: Christophe Monniez (moc) <moc@odoo.com>
- Loading branch information