On Fri, May 9, 2008 at 2:00 PM, Alex Morega <[EMAIL PROTECTED]> wrote:
> There seems to be a race condition in Django's model code for file
> uploads. Here's the relevant code snippet (django/db/models/base.py
> line 458 in the latest SVN version - #7520):
>
> while os.path.exists(os.path.join(settings.MEDIA_ROOT,
> filename)):
> try:
> dot_index = filename.rindex('.')
> except ValueError: # filename has no dot
> filename += '_'
> else:
> filename = filename[:dot_index] + '_' +
> filename[dot_index:]
>
> So the problem is that, if two instances of Django are trying to save
> a file with the same name (even plus/minus a few trailing
> underscores), one could end up overwriting the other one's file. The
> event is highly unlikely, but that doesn't mean it's safe, imho. Or
> I'm missing something obvious, maybe related to database transactions
> providing some kind of locking?
This has been reported in ticket #4948.[1] The solution proposed in
that ticket has some cross-platform concerns, however, so it's not
clear if there's a fool-proof way to tackle it. My file storage
refactor[2] will allow you to manually provide the behavior described
in #4948 if your platform supports it, so I think it'll end up just
being a snippet you can use if your application actually runs into the
problem.
Until #5361 lands, however, the only way to do it is to patch Django
itself, since #4948 is unlikely to get committed without
cross-platform compatibility.
-Gul
[1] http://code.djangoproject.com/ticket/4948
[2] http://code.djangoproject.com/ticket/5361
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
