test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Discouraged use of /tmp with predictable names. 

The use of predictable filenames in /tmp often leads to symlink attacks
so remove the most obvious use of them in the docs.
This commit is contained in:
Chris Lamb 2015-12-23 17:08:40 +00:00 committed by Tim Graham
parent a856555df2
commit 77b8d8cb6d
6 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/db/models/fields/files.py
View File

@ -149,7 +149,7 @@ class FileDescriptor(object):
Assigns a file object on assignment so you can do:: Assigns a file object on assignment so you can do::
>>> with open('/tmp/hello.world', 'r') as f: >>> with open('/path/to/hello.world', 'r') as f:
... instance.file = File(f) ... instance.file = File(f)
""" """
def __init__(self, field): def __init__(self, field):

2
docs/howto/static-files/deployment.txt
View File

@ -95,7 +95,7 @@ Here's how this might look in a fabfile::
from fabric.contrib import project from fabric.contrib import project
# Where the static files get collected locally. Your STATIC_ROOT setting. # Where the static files get collected locally. Your STATIC_ROOT setting.
env.local_static_root = '/tmp/static' env.local_static_root = '/path/to/static'
# Where the static files should go remotely # Where the static files should go remotely
env.remote_static_root = '/home/www/static.example.com' env.remote_static_root = '/home/www/static.example.com'

2
docs/man/django-admin.1
View File

@ -2404,7 +2404,7 @@ support the \fBstdout\fP and \fBstderr\fP options. For example, you could write:
.sp .sp
.nf .nf
.ft C .ft C
with open(\(aq/tmp/command_output\(aq) as f: with open(\(aq/path/to/command_output\(aq) as f:
management.call_command(\(aqdumpdata\(aq, stdout=f) management.call_command(\(aqdumpdata\(aq, stdout=f)
.ft P .ft P
.fi .fi

2
docs/ref/django-admin.txt
View File

@ -1784,5 +1784,5 @@ Output redirection
Note that you can redirect standard output and error streams as all commands Note that you can redirect standard output and error streams as all commands
support the ``stdout`` and ``stderr`` options. For example, you could write:: support the ``stdout`` and ``stderr`` options. For example, you could write::
with open('/tmp/command_output') as f: with open('/path/to/command_output') as f:
management.call_command('dumpdata', stdout=f) management.call_command('dumpdata', stdout=f)

2
docs/ref/models/fields.txt
View File

@ -783,7 +783,7 @@ Python file object like this::
from django.core.files import File from django.core.files import File
# Open an existing file using Python's built-in open() # Open an existing file using Python's built-in open()
f = open('/tmp/hello.world') f = open('/path/to/hello.world')
myfile = File(f) myfile = File(f)
Or you can construct one from a Python string like this:: Or you can construct one from a Python string like this::

4
docs/topics/files.txt
View File

@ -91,7 +91,7 @@ using a Python built-in ``file`` object::
>>> from django.core.files import File >>> from django.core.files import File
# Create a Python file object using open() # Create a Python file object using open()
>>> f = open('/tmp/hello.world', 'w') >>> f = open('/path/to/hello.world', 'w')
>>> myfile = File(f) >>> myfile = File(f)
Now you can use any of the documented attributes and methods Now you can use any of the documented attributes and methods
@ -103,7 +103,7 @@ The following approach may be used to close files automatically::
>>> from django.core.files import File >>> from django.core.files import File
# Create a Python file object using open() and the with statement # Create a Python file object using open() and the with statement
>>> with open('/tmp/hello.world', 'w') as f: >>> with open('/path/to/hello.world', 'w') as f:
... myfile = File(f) ... myfile = File(f)
... myfile.write('Hello World') ... myfile.write('Hello World')
... ...