Home Explore Help
Sign In
CityApper
/
django
mirror of https://github.com/django/django
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fixed #30004 -- Changed default FILE_UPLOAD_PERMISSION to 0o644.

Himanshu Lakhara 6 years ago
parent
e7fd69d051
commit
22aab8662f
5 changed files with 18 additions and 13 deletions
Split View Show Diff Stats
  1. 1 1
      django/conf/global_settings.py
  2. 0 10
      docs/howto/deployment/checklist.txt
  3. 5 1
      docs/ref/settings.txt
  4. 11 0
      docs/releases/3.0.txt
  5. 1 1
      tests/test_utils/tests.py

+ 1 - 1
django/conf/global_settings.py
View File 

@@ -304,7 +304,7 @@ FILE_UPLOAD_TEMP_DIR = None
 
 
 # The numeric mode to set newly-uploaded files to. The value should be a mode
 
 # you'd pass directly to os.chmod; see https://docs.python.org/library/os.html#files-and-directories.
 
-FILE_UPLOAD_PERMISSIONS = None
 
+FILE_UPLOAD_PERMISSIONS = 0o644
 
 
 # The numeric mode to assign to newly-created directories, when uploading files.
 
 # The value should be a mode as you'd pass to os.chmod;

+ 0 - 10
docs/howto/deployment/checklist.txt
View File 

@@ -154,16 +154,6 @@ server never attempts to interpret them. For instance, if a user uploads a
 
 
 Now is a good time to check your backup strategy for these files.
 
 
-:setting:`FILE_UPLOAD_PERMISSIONS`
 
-----------------------------------
 
-
 
-With the default file upload settings, files smaller than
 
-:setting:`FILE_UPLOAD_MAX_MEMORY_SIZE` may be stored with a different mode
 
-than larger files as described in :setting:`FILE_UPLOAD_PERMISSIONS`.
 
-
 
-Setting :setting:`FILE_UPLOAD_PERMISSIONS` ensures all files are uploaded with
 
-the same permissions.
 
-
 
 HTTPS
 
 =====

+ 5 - 1
docs/ref/settings.txt
View File 

@@ -1484,7 +1484,7 @@ This value mirrors the functionality and caveats of the
 
 ``FILE_UPLOAD_PERMISSIONS``
 
 ---------------------------
 
 
-Default: ``None``
 
+Default: ``0o644``
 
 
 The numeric mode (i.e. ``0o644``) to set newly uploaded files to. For
 
 more information about what these modes mean, see the documentation for
 
@@ -1511,6 +1511,10 @@ when using the :djadmin:`collectstatic` management command. See
 
     way that modes must be specified. If you try to use ``644``, you'll
 
     get totally incorrect behavior.
 
 
+.. versionchanged:: 3.0
 
+
 
+    In older versions, the default value is ``None``.
 
+
 
 .. setting:: FILE_UPLOAD_TEMP_DIR
 
 
 ``FILE_UPLOAD_TEMP_DIR``

+ 11 - 0
docs/releases/3.0.txt
View File 

@@ -284,6 +284,17 @@ Django 3.0, we're removing these APIs at this time.
 
 
 * ``django.utils.safestring.SafeBytes`` - Unused since Django 2.0.
 
 
+New default value for the ``FILE_UPLOAD_PERMISSIONS`` setting
 
+-------------------------------------------------------------
 
+
 
+In older versions, the :setting:`FILE_UPLOAD_PERMISSIONS` setting defaults to
 
+``None``. With the default :setting:`FILE_UPLOAD_HANDLERS`, this results in
 
+uploaded files having different permissions depending on their size and which
 
+upload handler is used.
 
+
 
+``FILE_UPLOAD_PERMISSION`` now defaults to ``0o644`` to avoid this
 
+inconsistency.
 
+
 
 Miscellaneous
 
 -------------

+ 1 - 1
tests/test_utils/tests.py
View File 

@@ -1099,7 +1099,7 @@ class OverrideSettingsTests(SimpleTestCase):
 
         the file_permissions_mode attribute of
 
         django.core.files.storage.default_storage.
 
         """
 
-        self.assertIsNone(default_storage.file_permissions_mode)
 
+        self.assertEqual(default_storage.file_permissions_mode, 0o644)
 
         with self.settings(FILE_UPLOAD_PERMISSIONS=0o777):
 
             self.assertEqual(default_storage.file_permissions_mode, 0o777)