From 91d46d2fb872a572dcd8e645b2d60be4d4c7ca24 Mon Sep 17 00:00:00 2001
From: Chris Lamb <chris@chris-lamb.co.uk>
Date: Wed, 23 Dec 2015 17:08:40 +0000
Subject: [PATCH] [1.8.x] Discouraged use of /tmp with predictable names.
The use of predictable filenames in /tmp often leads to symlink attacks
so remove the most obvious use of them in the docs.
Backport of 77b8d8cb6d6d6345f479c68c4892291c1492ba7e from master
---
django/db/models/fields/files.py | 2 +-
docs/howto/static-files/deployment.txt | 2 +-
docs/man/django-admin.1 | 2 +-
docs/ref/django-admin.txt | 2 +-
docs/ref/models/fields.txt | 2 +-
docs/topics/files.txt | 4 ++--
6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/django/db/models/fields/files.py b/django/db/models/fields/files.py
index d6c1eaf49f..bf447591b0 100644
--- a/django/db/models/fields/files.py
+++ b/django/db/models/fields/files.py
@@ -163,7 +163,7 @@ class FileDescriptor(object):
Assigns a file object on assignment so you can do::
- >>> with open('/tmp/hello.world', 'r') as f:
+ >>> with open('/path/to/hello.world', 'r') as f:
... instance.file = File(f)
"""
diff --git a/docs/howto/static-files/deployment.txt b/docs/howto/static-files/deployment.txt
index a88403fda8..c53975223f 100644
--- a/docs/howto/static-files/deployment.txt
+++ b/docs/howto/static-files/deployment.txt
@@ -95,7 +95,7 @@ Here's how this might look in a fabfile::
from fabric.contrib import project
# Where the static files get collected locally. Your STATIC_ROOT setting.
- env.local_static_root = '/tmp/static'
+ env.local_static_root = '/path/to/static'
# Where the static files should go remotely
env.remote_static_root = '/home/www/static.example.com'
diff --git a/docs/man/django-admin.1 b/docs/man/django-admin.1
index 557907231d..9c372ee422 100644
--- a/docs/man/django-admin.1
+++ b/docs/man/django-admin.1
@@ -2588,7 +2588,7 @@ support the \fBstdout\fP and \fBstderr\fP options. For example, you could write:
.sp
.nf
.ft C
-with open(\(aq/tmp/command_output\(aq) as f:
+with open(\(aq/path/to/command_output\(aq) as f:
management.call_command(\(aqdumpdata\(aq, stdout=f)
.ft P
.fi
diff --git a/docs/ref/django-admin.txt b/docs/ref/django-admin.txt
index 14b0c21367..3b73f9a26e 100644
--- a/docs/ref/django-admin.txt
+++ b/docs/ref/django-admin.txt
@@ -1963,5 +1963,5 @@ Output redirection
Note that you can redirect standard output and error streams as all commands
support the ``stdout`` and ``stderr`` options. For example, you could write::
- with open('/tmp/command_output') as f:
+ with open('/path/to/command_output') as f:
management.call_command('dumpdata', stdout=f)
diff --git a/docs/ref/models/fields.txt b/docs/ref/models/fields.txt
index 51e4b0de18..74d721afc4 100644
--- a/docs/ref/models/fields.txt
+++ b/docs/ref/models/fields.txt
@@ -778,7 +778,7 @@ Python file object like this::
from django.core.files import File
# Open an existing file using Python's built-in open()
- f = open('/tmp/hello.world')
+ f = open('/path/to/hello.world')
myfile = File(f)
Or you can construct one from a Python string like this::
diff --git a/docs/topics/files.txt b/docs/topics/files.txt
index ce8a5c75a0..81b82e3d73 100644
--- a/docs/topics/files.txt
+++ b/docs/topics/files.txt
@@ -91,7 +91,7 @@ using a Python built-in ``file`` object::
>>> from django.core.files import File
# Create a Python file object using open()
- >>> f = open('/tmp/hello.world', 'w')
+ >>> f = open('/path/to/hello.world', 'w')
>>> myfile = File(f)
Now you can use any of the documented attributes and methods
@@ -103,7 +103,7 @@ The following approach may be used to close files automatically::
>>> from django.core.files import File
# Create a Python file object using open() and the with statement
- >>> with open('/tmp/hello.world', 'w') as f:
+ >>> with open('/path/to/hello.world', 'w') as f:
... myfile = File(f)
... myfile.write('Hello World')
...