From 54cbb4e64297d68ff6c9ef3fe03c283448e3533f Mon Sep 17 00:00:00 2001
From: David Lord
Date: Thu, 27 Jun 2019 07:55:22 -0700
Subject: [PATCH 1/2] send_file quotes ":/" in UTF-8 filename
---
 CHANGES.rst | 2 ++
 flask/helpers.py | 2 +-
 tests/test_helpers.py | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGES.rst b/CHANGES.rst
index c92b384e..e1a3a9e0 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -8,6 +8,8 @@ Unreleased
 - The key information for ``BadRequestKeyError`` is no longer cleared outside debug mode, so error handlers can still access it. This requires upgrading to Werkzeug 0.15.5. :issue:`3249`
+- ``send_file`` url quotes the ":" and "/" characters for more
+ compatible UTF-8 filename support in some browsers. :issue:`3074`
 Version 1.0.3
diff --git a/flask/helpers.py b/flask/helpers.py
index c71ce3d8..f1eaa8e4 100644
--- a/flask/helpers.py
+++ b/flask/helpers.py
@@ -576,7 +576,7 @@ def send_file(filename_or_fp, mimetype=None, as_attachment=False,
 filenames = {
 'filename': unicodedata.normalize(
 'NFKD', attachment_filename).encode('ascii', 'ignore'),
- 'filename*': "UTF-8''%s" % url_quote(attachment_filename),
+ 'filename*': "UTF-8''%s" % url_quote(attachment_filename, safe=b""),
 }
 else:
 filenames = {'filename': attachment_filename}
diff --git a/tests/test_helpers.py b/tests/test_helpers.py
index b2542d0e..d6a023e7 100644
--- a/tests/test_helpers.py
+++ b/tests/test_helpers.py
@@ -646,6 +646,8 @@ class TestSendfile(object):
 (u'Vögel.txt', 'Vogel.txt', 'V%C3%B6gel.txt'),
 # Native string not marked as Unicode on Python 2
 ('tést.txt', 'test.txt', 't%C3%A9st.txt'),
+ # ":/" are not safe in filename* value
+ (u"те:/ст", '":/"', "%D1%82%D0%B5%3A%2F%D1%81%D1%82"),
 ))
 def test_attachment_filename_encoding(self, filename, ascii, utf8):
 rv = flask.send_file('static/index.html', as_attachment=True, attachment_filename=filename)
From b9c22672724ee3c89cc959bd80d3fcd81afb10e7 Mon Sep 17 00:00:00 2001
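Review bot: The plain `filename` fallback built just above the changed line in flask/helpers.py is not given the same treatment as `filename*`. NFKD folding plus `encode('ascii', 'ignore')` only drops non-ASCII characters, so `:` and `/` pass through unchanged. A name with no ASCII letters degrades to punctuation only (the new test row expects `":/"`) or, presumably, to an empty value. If `attachment_filename` can carry user-supplied data, clients that ignore `filename*` receive a path-like or empty suggestion, so consider replacing separators in the fallback and substituting a neutral default when nothing usable remains. The changed line also deserves a comment such as `# RFC 5987 attr-char excludes ":" and "/", so leave nothing in url_quote's safe set`; send_file's body starts and ends outside this hunk, so how the dict is written into the header is not visible here.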
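Review bot: The added parametrize row in tests/test_helpers.py pins only `:` and `/` in a name that still mixes in other characters, so the degenerate fallback stays untested. A row whose name contains no ASCII characters at all would show what the plain `filename` value becomes when the ASCII folding leaves nothing. A row containing a space, `;` or `"` would confirm that the remaining header delimiters are percent-encoded in `filename*`. The expected `'":/"'` also records that the fallback keeps the path separator verbatim, which is worth a comment like `# ASCII fallback keeps ":/" as-is; only filename* is percent-encoded`. The test body continues outside the hunk, so its exact assertions are not visible.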
From: David Lord
Date: Mon, 1 Jul 2019 09:49:40 -0700
Subject: [PATCH 2/2] fix tests link
---
 README.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.rst b/README.rst
index 994c799f..6187b3ef 100644
--- a/README.rst
+++ b/README.rst
@@ -62,7 +62,7 @@ Links
 * Releases: https://pypi.org/project/Flask/
 * Code: https://github.com/pallets/flask
 * Issue tracker: https://github.com/pallets/flask/issues
-* Test status: https://dev.azure.com/pallets/pallets/_build?definitionId=2
+* Test status: https://dev.azure.com/pallets/flask/_build
 * Official chat: https://discord.gg/t6rrQZH
 .. _WSGI: https://wsgi.readthedocs.io