Hi there,
I've noticed a possible race condition in django/db/models/base.py.
When a file field is saved in the _save_FIELD_file function it first
checks whether a file with the same name already exists, and then adds
underscores to the filename until it generates a unique name and then
saves the file.
# If the filename already exists, keep adding an underscore to the name
of
# the file until the filename doesn't exist.
while os.path.exists(os.path.join(settings.MEDIA_ROOT,
filename)):
try:
dot_index = filename.rindex('.')
except ValueError: # filename has no dot
filename += '_'
else:
filename = filename[:dot_index] + '_' +
filename[dot_index:]
# Write the file to disk.
setattr(self, field.attname, filename)
full_filename = self._get_FIELD_filename(field)
fp = open(full_filename, 'wb')
fp.write(raw_contents)
fp.close()
It looks like there may be a timing window where if two files with the
same name are saved at roughly the same time, the first one will be
overwritten. Shouldn't this use something like mkstemp that does this
atomically?
Cheers
Enrico de Klerk
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
