#12670: TemporaryUploadedFile objects do not respect FILE_UPLOAD_PERMISSIONS
-------------------------------------+-------------------------------------
Reporter: andrewbadr | Owner: nobody
Type: | Status: new
Cleanup/optimization | Version: master
Component: File | Resolution:
uploads/storage | Triage Stage: Design
Severity: Normal | decision needed
Keywords: | Needs documentation: 1
Has patch: 0 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 1 |
-------------------------------------+-------------------------------------
Changes (by simon29):
* status: closed => new
* cc: simon@… (added)
* version: 1.2-alpha => master
* easy: 0 => 1
* needs_docs: 0 => 1
* resolution: wontfix =>
Comment:
Sorry, re-opening, this issue isn't resolved. It just bit me again.
If we must have an implicit 0600 on temporary file uploads, and an
explicit setting FILE_UPLOAD_PERMISSIONS that doesn't work, then at the
least we need to clearly document the inconsistent behaviour.
I understand the security concern, but having a setting that tells me I
can choose the mode leads me to think, well, er, I can change the mode.
--
Ticket URL: <https://code.djangoproject.com/ticket/12670#comment:13>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/068.97313de0048615d7031eafbe77665ce0%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.
