Hi!

There are a couple of bugs open/closed about what happens when you
upload a new file to a file field that already has a file:

  http://code.djangoproject.com/ticket/11663
  http://code.djangoproject.com/ticket/2983
  http://code.djangoproject.com/ticket/4339

Progress is currently halted because a design decision is needed;
maybe the problem is conflicting visions of what FileField is.

First: what happens right now is that the old file is left behind. If
the new file has the same name as the old, it is mangled so both can
stay.

As has been pointed out in 2983, this is, all else set aside, a security
problem because the old file is essentially garbage that, when left
behind, makes you vulnerable to someone filling up the disk (say on
shared hosting with few resources) by uploading the same file over and
over. So even if you check file sizes, you're not safe.

Here are two ideas of what FileField is:

  1) a convenient file pointer for facilitating the upload machinery
  2) a field for storing a file, just like storing it directly in the
database except we put the data in the file system

I think Django is currently the first. It won't let you overwrite
files (insists on mangling), it doesn't clean up the garbage, it does
a sort of reference counting so when the object is deleted, it first
checks if other objects with the same field are pointing to the file
before whacking it.

The implication of the second idea is a one-to-one mapping between
fields and files that Django will do everything it can to maintain. I
think the difference amounts to: always delete old files, don't go
through the whole table upon delete since if you messed with the
pointers, you pay the price (consider a table unique constraint
instead), and perhaps be a bit more careful so it's possible to
reupload a file with the same name to the same object without hitting
the name mangling code.

The documentation just says it's "A file-upload field." I think a
file-upload field would be better served by the second idea because you
don't have to think about ownership - Django's got it. What do you
think?


Ole
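
The two behaviours discussed in this message, as an added example that is not part of the original post and is not Django's code: a stdlib-only model of one record receiving the same in-limit upload repeatedly, first keeping old files under mangled names, then keeping one file per field. The numeric suffix scheme, the 1 KiB limit, the file name and the dict standing in for a model instance are assumptions.

```python
import os
import tempfile

MAX_UPLOAD_BYTES = 1024  # assumed per-upload size check


def free_name(directory, name):
    """Pick an unused name by adding a numeric suffix (suffix scheme is assumed)."""
    root, ext = os.path.splitext(name)
    candidate, n = name, 0
    while os.path.exists(os.path.join(directory, candidate)):
        n += 1
        candidate = f"{root}_{n}{ext}"
    return candidate


def upload(directory, record, name, data, replace_old):
    """Store data for record['file'] and return the stored name.

    replace_old=False models idea 1: the old file stays, the new name is mangled.
    replace_old=True models idea 2: one field, one file; the old file is removed.
    """
    if len(data) > MAX_UPLOAD_BYTES:
        raise ValueError("upload exceeds size limit")
    old = record.get("file")
    if replace_old and old:
        # Removed first so the same name can be reused without mangling.
        os.remove(os.path.join(directory, old))
    stored = free_name(directory, name)
    with open(os.path.join(directory, stored), "wb") as fh:
        fh.write(data)
    record["file"] = stored
    return stored


def simulate(uploads, replace_old):
    """Upload the same in-limit file `uploads` times; return (bytes on disk, file count)."""
    with tempfile.TemporaryDirectory() as d:
        record = {}  # stands in for one model instance
        for _ in range(uploads):
            upload(d, record, "avatar.png", b"x" * MAX_UPLOAD_BYTES, replace_old)
        names = os.listdir(d)
        return sum(os.path.getsize(os.path.join(d, n)) for n in names), len(names)


if __name__ == "__main__":
    print("keep old files:  ", simulate(100, replace_old=False))
    print("replace old file:", simulate(100, replace_old=True))
```

Every upload passes the size check in both runs; only the first policy lets disk usage grow with the number of uploads.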