From 91d46d2fb872a572dcd8e645b2d60be4d4c7ca24 Mon Sep 17 00:00:00 2001
From: Chris Lamb <chris@chris-lamb.co.uk>
Date: Wed, 23 Dec 2015 17:08:40 +0000
Subject: [PATCH] [1.8.x] Discouraged use of /tmp with predictable names.

The use of predictable filenames in /tmp often leads to symlink attacks
so remove the most obvious use of them in the docs.

Backport of 77b8d8cb6d6d6345f479c68c4892291c1492ba7e from master
---
 django/db/models/fields/files.py       | 2 +-
 docs/howto/static-files/deployment.txt | 2 +-
 docs/man/django-admin.1                | 2 +-
 docs/ref/django-admin.txt              | 2 +-
 docs/ref/models/fields.txt             | 2 +-
 docs/topics/files.txt                  | 4 ++--
 6 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/django/db/models/fields/files.py b/django/db/models/fields/files.py
index d6c1eaf49f..bf447591b0 100644
--- a/django/db/models/fields/files.py
+++ b/django/db/models/fields/files.py
@@ -163,7 +163,7 @@ class FileDescriptor(object):
 
     Assigns a file object on assignment so you can do::
 
-        >>> with open('/tmp/hello.world', 'r') as f:
+        >>> with open('/path/to/hello.world', 'r') as f:
         ...     instance.file = File(f)
 
     """
diff --git a/docs/howto/static-files/deployment.txt b/docs/howto/static-files/deployment.txt
index a88403fda8..c53975223f 100644
--- a/docs/howto/static-files/deployment.txt
+++ b/docs/howto/static-files/deployment.txt
@@ -95,7 +95,7 @@ Here's how this might look in a fabfile::
     from fabric.contrib import project
 
     # Where the static files get collected locally. Your STATIC_ROOT setting.
-    env.local_static_root = '/tmp/static'
+    env.local_static_root = '/path/to/static'
 
     # Where the static files should go remotely
     env.remote_static_root = '/home/www/static.example.com'
diff --git a/docs/man/django-admin.1 b/docs/man/django-admin.1
index 557907231d..9c372ee422 100644
--- a/docs/man/django-admin.1
+++ b/docs/man/django-admin.1
@@ -2588,7 +2588,7 @@ support the \fBstdout\fP and \fBstderr\fP options. For example, you could write:
 .sp
 .nf
 .ft C
-with open(\(aq/tmp/command_output\(aq) as f:
+with open(\(aq/path/to/command_output\(aq) as f:
     management.call_command(\(aqdumpdata\(aq, stdout=f)
 .ft P
 .fi
diff --git a/docs/ref/django-admin.txt b/docs/ref/django-admin.txt
index 14b0c21367..3b73f9a26e 100644
--- a/docs/ref/django-admin.txt
+++ b/docs/ref/django-admin.txt
@@ -1963,5 +1963,5 @@ Output redirection
 Note that you can redirect standard output and error streams as all commands
 support the ``stdout`` and ``stderr`` options. For example, you could write::
 
-    with open('/tmp/command_output') as f:
+    with open('/path/to/command_output') as f:
         management.call_command('dumpdata', stdout=f)
diff --git a/docs/ref/models/fields.txt b/docs/ref/models/fields.txt
index 51e4b0de18..74d721afc4 100644
--- a/docs/ref/models/fields.txt
+++ b/docs/ref/models/fields.txt
@@ -778,7 +778,7 @@ Python file object like this::
 
     from django.core.files import File
     # Open an existing file using Python's built-in open()
-    f = open('/tmp/hello.world')
+    f = open('/path/to/hello.world')
     myfile = File(f)
 
 Or you can construct one from a Python string like this::
diff --git a/docs/topics/files.txt b/docs/topics/files.txt
index ce8a5c75a0..81b82e3d73 100644
--- a/docs/topics/files.txt
+++ b/docs/topics/files.txt
@@ -91,7 +91,7 @@ using a Python built-in ``file`` object::
     >>> from django.core.files import File
 
     # Create a Python file object using open()
-    >>> f = open('/tmp/hello.world', 'w')
+    >>> f = open('/path/to/hello.world', 'w')
     >>> myfile = File(f)
 
 Now you can use any of the documented attributes and methods
@@ -103,7 +103,7 @@ The following approach may be used to close files automatically::
     >>> from django.core.files import File
 
     # Create a Python file object using open() and the with statement
-    >>> with open('/tmp/hello.world', 'w') as f:
+    >>> with open('/path/to/hello.world', 'w') as f:
     ...     myfile = File(f)
     ...     myfile.write('Hello World')
     ...