Commit 91d46d2f authored by Chris Lamb's avatar Chris Lamb Committed by Tim Graham
Browse files

[1.8.x] Discouraged use of /tmp with predictable names. 

The use of predictable filenames in /tmp often leads to symlink attacks
so remove the most obvious use of them in the docs.

Backport of 77b8d8cb from master
parent 464128eb

django/db/models/fields/files.py

+1 −1
Original line number Diff line number Diff line
@@ -163,7 +163,7 @@ class FileDescriptor(object): 


    Assigns a file object on assignment so you can do::



        >>> with open('/tmp/hello.world', 'r') as f:

        >>> with open('/path/to/hello.world', 'r') as f:

        ...     instance.file = File(f)



    """

docs/howto/static-files/deployment.txt

+1 −1
Original line number Diff line number Diff line
@@ -95,7 +95,7 @@ Here's how this might look in a fabfile:: 
    from fabric.contrib import project



    # Where the static files get collected locally. Your STATIC_ROOT setting.

    env.local_static_root = '/tmp/static'

    env.local_static_root = '/path/to/static'



    # Where the static files should go remotely

    env.remote_static_root = '/home/www/static.example.com'

docs/man/django-admin.1

+1 −1
Original line number Diff line number Diff line
@@ -2588,7 +2588,7 @@ support the \fBstdout\fP and \fBstderr\fP options. For example, you could write: 
.sp

.nf

.ft C

with open(\(aq/tmp/command_output\(aq) as f:

with open(\(aq/path/to/command_output\(aq) as f:

    management.call_command(\(aqdumpdata\(aq, stdout=f)

.ft P

.fi

docs/ref/django-admin.txt

+1 −1
Original line number Diff line number Diff line
@@ -1963,5 +1963,5 @@ Output redirection 
Note that you can redirect standard output and error streams as all commands

support the ``stdout`` and ``stderr`` options. For example, you could write::



    with open('/tmp/command_output') as f:

    with open('/path/to/command_output') as f:

        management.call_command('dumpdata', stdout=f)

docs/ref/models/fields.txt

+1 −1
Original line number Diff line number Diff line
@@ -778,7 +778,7 @@ Python file object like this:: 


    from django.core.files import File

    # Open an existing file using Python's built-in open()

    f = open('/tmp/hello.world')

    f = open('/path/to/hello.world')

    myfile = File(f)



Or you can construct one from a Python string like this::