Re: [Django] #28540: Document changes to file upload permissions in Django 1.11

Mon, 09 Jul 2018 13:43:00 -0700 

#28540: Document changes to file upload permissions in Django 1.11
-------------------------------------+-------------------------------------
     Reporter:  Yaroslav Demidenko   |                    Owner:  nobody
         Type:                       |                   Status:  new
  Cleanup/optimization               |
    Component:  Documentation        |                  Version:  1.11
     Severity:  Normal               |               Resolution:
     Keywords:  ImageField, save,    |             Triage Stage:  Accepted
  permissions                        |
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Tim Graham):

 As I mentioned in the PR discussion, the new behavior seems consistent
 with the
 
[https://github.com/django/django/commit/ff420b43647dd7f149f000efd2c7eb077f6ba5cf
 original documentation] added with the introduction of the
 `FILE_UPLOAD_PERMISSIONS` setting:
  On most platforms, temporary files will have a mode of `0600`, and files
 saved from memory will be saved using thesystem's standard umask.

 By default, `MemoryFileUploadHandler` is used for files up to
 `settings.FILE_UPLOAD_MAX_MEMORY_SIZE`, otherwise
 `TemporaryFileUploadHandler` is used.

 If we decide not to make a change (probably the discussion should move to
 django-developers), then we could at least add a note to the deployment
 checklist. Carlton proposed adding a system check that warns if the
 `FILE_UPLOAD_PERMISSIONS` setting isn't set but that feels a bit heavy
 handed as none of the open source Django projects I checked have specified
 this setting so presumably it isn't a common issue.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/28540#comment:11>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.d48d25a4b8b3f7b89b084ed755cb1a4f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to