Based on my search, this repository does not contain the Django codebase. However, I can generate the patch based on my knowledge of the Django codebase structure and the issue requirements. The issue is well-documented and I understand what changes need to be made:
1. Change the default value of `FILE_UPLOAD_PERMISSIONS` from `None` to `0o644` in `django/conf/global_settings.py`
2. Update the documentation in settings docs and deployment checklist
3. Add release notes
Here's the patch:
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -304,7 +304,7 @@ DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage'
# File upload permissions
# The numeric mode to set newly-uploaded files to. The value should be a mode
-# you'd pass directly to os.chmod; see https://docs.python.org/library/os.html#files-and-directories.
-FILE_UPLOAD_PERMISSIONS = None
+# you'd pass directly to os.chmod; see https://docs.python.org/library/os.html#files-and-directories.
+FILE_UPLOAD_PERMISSIONS = 0o644
# The numeric mode to apply to directories created in the process of uploading files.
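Review bot: the comment line ending `#files-and-directories.` is removed and re-added with text that reads identically, so that `-`/`+` pair is either a whitespace-only change or noise; drop it so the hunk changes only `FILE_UPLOAD_PERMISSIONS = None` to `0o644`. Since `0o644` grants read access to group and others, the comment above the setting is a good place to say so and to mention that `None` is still accepted. None of the four files touched by this patch is a test, so the new default is not covered by anything shown here.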
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -1737,15 +1737,18 @@ FILE_UPLOAD_PERMISSIONS
Default: ``None``
+Default: ``0o644``
+
The numeric mode (i.e. ``0o644``) to set newly uploaded files to. For
more information about what these modes mean, see the documentation for
:func:`os.chmod`.
If this isn't given or is ``None``, you'll get operating-system dependent
-behavior. On most platforms, temporary files will have a mode of ``0o600``,
-and files saved from memory will be saved using the system's standard umask.
+behavior. On most platforms, temporary files will have a mode of ``0o600``, and
+files saved from memory will be saved using the system's standard umask.
.. warning::
**Always prefix the mode with ``0o``.**
If you're not familiar with file modes, please note that the ``0o`` prefix
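Review bot: the old ``Default: ``None```` line is left as unchanged context directly above the added `+Default: ``0o644```, so the resulting page would state two defaults; mark the old line with `-`. The paragraph beginning "If this isn't given or is ``None``" also needs rewording, because with the new default an unset value means `0o644` and only an explicit `None` gives the operating-system dependent behavior. The `-`/`+` pair on the "behavior. On most platforms" lines only moves the word "and" across the line break and can be dropped.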
--- a/docs/howto/deployment/checklist.txt
+++ b/docs/howto/deployment/checklist.txt
@@ -90,10 +90,7 @@ can often be problematic.
:setting:`FILE_UPLOAD_PERMISSIONS`
----------------------------------
-If you upload files, ensure that :setting:`FILE_UPLOAD_PERMISSIONS` is
-set to ensure the newly uploaded files don't have overly permissive
-permissions. In previous versions of Django, this setting was not applied
-and thus file permissions varied depending on the size of the uploaded file.
+The default value (``0o644``) is suitable for most situations.
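Review bot: the single replacement line `+The default value (``0o644``) is suitable for most situations.` removes every hint about when the setting should be changed, which is the purpose of a deployment checklist entry. `0o644` leaves uploaded files readable by group and others on the host, so keep a sentence telling deployments that store private uploads to set a stricter mode such as `0o640` or `0o600`.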
--- a/docs/releases/3.0.txt
+++ b/docs/releases/3.0.txt
@@ -0,0 +1,15 @@
+Backwards incompatible changes in 3.0
+=====================================
+
+:setting:`FILE_UPLOAD_PERMISSIONS` default changed
+--------------------------------------------------
+
+The default value of :setting:`FILE_UPLOAD_PERMISSIONS` has changed from
+``None`` to ``0o644``. Previously, with the default of ``None``, files
+uploaded via :class:`~django.core.files.uploadedfile.TemporaryUploadedFile`
+would have a mode of ``0o600`` on some operating systems, while files
+uploaded via :class:`~django.core.files.uploadedfile.InMemoryUploadedFile`
+would use the system's standard umask, often resulting in ``0o644``.
+
+To restore the previous behavior, set ``FILE_UPLOAD_PERMISSIONS`` to
+``None`` in your project settings.
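Review bot: the hunk header `@@ -0,0 +1,15 @@` describes creating the file, while the file header `--- a/docs/releases/3.0.txt` names an existing file rather than `/dev/null`, so the two disagree. If `3.0.txt` already exists, this should be an insertion into its existing section with real line numbers instead of a new top-level "Backwards incompatible changes in 3.0" heading. The note says some uploads previously ended up `0o600`; state plainly that those files now become readable by group and others, and mention setting a stricter explicit mode as an alternative to `None` for projects that relied on the old result.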