On Fri, May 9, 2008 at 2:00 PM, Alex Morega <[EMAIL PROTECTED]> wrote: > There seems to be a race condition in Django's model code for file > uploads. Here's the relevant code snippet (django/db/models/base.py > line 458 in the latest SVN version - #7520): > > while os.path.exists(os.path.join(settings.MEDIA_ROOT, > filename)): > try: > dot_index = filename.rindex('.') > except ValueError: # filename has no dot > filename += '_' > else: > filename = filename[:dot_index] + '_' + > filename[dot_index:] > > So the problem is that, if two instances of Django are trying to save > a file with the same name (even plus/minus a few trailing > underscores), one could end up overwriting the other one's file. The > event is highly unlikely, but that doesn't mean it's safe, imho. Or > I'm missing something obvious, maybe related to database transactions > providing some kind of locking?
This has been reported in ticket #4948.[1] The solution proposed in that ticket has some cross-platform concerns, however, so it's not clear if there's a fool-proof way to tackle it. My file storage refactor[2] will allow you to manually provide the behavior described in #4948 if your platform supports it, so I think it'll end up just being a snippet you can use if your application actually runs into the problem. Until #5361 lands, however, the only way to do it is to patch Django itself, since #4948 is unlikely to get committed without cross-platform compatibility. -Gul [1] http://code.djangoproject.com/ticket/4948 [2] http://code.djangoproject.com/ticket/5361 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---