From 91d46d2fb872a572dcd8e645b2d60be4d4c7ca24 Mon Sep 17 00:00:00 2001 From: Chris Lamb Date: Wed, 23 Dec 2015 17:08:40 +0000 Subject: [PATCH] [1.8.x] Discouraged use of /tmp with predictable names. The use of predictable filenames in /tmp often leads to symlink attacks so remove the most obvious use of them in the docs. Backport of 77b8d8cb6d6d6345f479c68c4892291c1492ba7e from master --- django/db/models/fields/files.py | 2 +- docs/howto/static-files/deployment.txt | 2 +- docs/man/django-admin.1 | 2 +- docs/ref/django-admin.txt | 2 +- docs/ref/models/fields.txt | 2 +- docs/topics/files.txt | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/django/db/models/fields/files.py b/django/db/models/fields/files.py index d6c1eaf49f..bf447591b0 100644 --- a/django/db/models/fields/files.py +++ b/django/db/models/fields/files.py @@ -163,7 +163,7 @@ class FileDescriptor(object): Assigns a file object on assignment so you can do:: - >>> with open('/tmp/hello.world', 'r') as f: + >>> with open('/path/to/hello.world', 'r') as f: ... instance.file = File(f) """ diff --git a/docs/howto/static-files/deployment.txt b/docs/howto/static-files/deployment.txt index a88403fda8..c53975223f 100644 --- a/docs/howto/static-files/deployment.txt +++ b/docs/howto/static-files/deployment.txt @@ -95,7 +95,7 @@ Here's how this might look in a fabfile:: from fabric.contrib import project # Where the static files get collected locally. Your STATIC_ROOT setting. - env.local_static_root = '/tmp/static' + env.local_static_root = '/path/to/static' # Where the static files should go remotely env.remote_static_root = '/home/www/static.example.com' diff --git a/docs/man/django-admin.1 b/docs/man/django-admin.1 index 557907231d..9c372ee422 100644 --- a/docs/man/django-admin.1 +++ b/docs/man/django-admin.1 @@ -2588,7 +2588,7 @@ support the \fBstdout\fP and \fBstderr\fP options. For example, you could write: .sp .nf .ft C -with open(\(aq/tmp/command_output\(aq) as f: +with open(\(aq/path/to/command_output\(aq) as f: management.call_command(\(aqdumpdata\(aq, stdout=f) .ft P .fi diff --git a/docs/ref/django-admin.txt b/docs/ref/django-admin.txt index 14b0c21367..3b73f9a26e 100644 --- a/docs/ref/django-admin.txt +++ b/docs/ref/django-admin.txt @@ -1963,5 +1963,5 @@ Output redirection Note that you can redirect standard output and error streams as all commands support the ``stdout`` and ``stderr`` options. For example, you could write:: - with open('/tmp/command_output') as f: + with open('/path/to/command_output') as f: management.call_command('dumpdata', stdout=f) diff --git a/docs/ref/models/fields.txt b/docs/ref/models/fields.txt index 51e4b0de18..74d721afc4 100644 --- a/docs/ref/models/fields.txt +++ b/docs/ref/models/fields.txt @@ -778,7 +778,7 @@ Python file object like this:: from django.core.files import File # Open an existing file using Python's built-in open() - f = open('/tmp/hello.world') + f = open('/path/to/hello.world') myfile = File(f) Or you can construct one from a Python string like this:: diff --git a/docs/topics/files.txt b/docs/topics/files.txt index ce8a5c75a0..81b82e3d73 100644 --- a/docs/topics/files.txt +++ b/docs/topics/files.txt @@ -91,7 +91,7 @@ using a Python built-in ``file`` object:: >>> from django.core.files import File # Create a Python file object using open() - >>> f = open('/tmp/hello.world', 'w') + >>> f = open('/path/to/hello.world', 'w') >>> myfile = File(f) Now you can use any of the documented attributes and methods @@ -103,7 +103,7 @@ The following approach may be used to close files automatically:: >>> from django.core.files import File # Create a Python file object using open() and the with statement - >>> with open('/tmp/hello.world', 'w') as f: + >>> with open('/path/to/hello.world', 'w') as f: ... myfile = File(f) ... myfile.write('Hello World') ...