[Python-checkins] cpython (2.7): Issue #8890: Stop advertising an insecure use of /tmp in docs

petri.lehtinen python-checkins at python.org
Sat Feb 23 19:39:05 CET 2013


http://hg.python.org/cpython/rev/488957f9b664
changeset:   82352:488957f9b664
branch:      2.7
parent:      82348:6911df35b7b6
user:        Petri Lehtinen <petri at digip.org>
date:        Sat Feb 23 19:24:08 2013 +0100
summary:
  Issue #8890: Stop advertising an insecure use of /tmp in docs

files:
  Doc/install/index.rst        |   2 +-
  Doc/library/atexit.rst       |   4 ++--
  Doc/library/bsddb.rst        |   2 +-
  Doc/library/cgi.rst          |   2 +-
  Doc/library/compiler.rst     |   4 ++--
  Doc/library/gzip.rst         |   8 ++++----
  Doc/library/imghdr.rst       |   2 +-
  Doc/library/mailcap.rst      |   4 ++--
  Doc/library/nntplib.rst      |   2 +-
  Doc/library/optparse.rst     |   4 ++--
  Doc/library/pipes.rst        |   6 +++---
  Doc/library/posixfile.rst    |   2 +-
  Doc/library/trace.rst        |   4 ++--
  Doc/library/zipimport.rst    |  10 +++++-----
  Doc/tutorial/inputoutput.rst |   8 ++++----
  Misc/ACKS                    |   1 +
  Misc/NEWS                    |   4 ++++
  17 files changed, 37 insertions(+), 32 deletions(-)


diff --git a/Doc/install/index.rst b/Doc/install/index.rst
--- a/Doc/install/index.rst
+++ b/Doc/install/index.rst
@@ -189,7 +189,7 @@
 to keep the source tree pristine, you can change the build directory with the
 :option:`--build-base` option. For example::
 
-   python setup.py build --build-base=/tmp/pybuild/foo-1.0
+   python setup.py build --build-base=/path/to/pybuild/foo-1.0
 
 (Or you could do this permanently with a directive in your system or personal
 Distutils configuration file; see section :ref:`inst-config-files`.)  Normally, this
diff --git a/Doc/library/atexit.rst b/Doc/library/atexit.rst
--- a/Doc/library/atexit.rst
+++ b/Doc/library/atexit.rst
@@ -76,7 +76,7 @@
 making an explicit call into this module at termination. ::
 
    try:
-       _count = int(open("/tmp/counter").read())
+       _count = int(open("counter").read())
    except IOError:
        _count = 0
 
@@ -85,7 +85,7 @@
        _count = _count + n
 
    def savecounter():
-       open("/tmp/counter", "w").write("%d" % _count)
+       open("counter", "w").write("%d" % _count)
 
    import atexit
    atexit.register(savecounter)
diff --git a/Doc/library/bsddb.rst b/Doc/library/bsddb.rst
--- a/Doc/library/bsddb.rst
+++ b/Doc/library/bsddb.rst
@@ -170,7 +170,7 @@
 Example::
 
    >>> import bsddb
-   >>> db = bsddb.btopen('/tmp/spam.db', 'c')
+   >>> db = bsddb.btopen('spam.db', 'c')
    >>> for i in range(10): db['%d'%i] = '%d'% (i*i)
    ...
    >>> db['3']
diff --git a/Doc/library/cgi.rst b/Doc/library/cgi.rst
--- a/Doc/library/cgi.rst
+++ b/Doc/library/cgi.rst
@@ -81,7 +81,7 @@
 instead, with code like this::
 
    import cgitb
-   cgitb.enable(display=0, logdir="/tmp")
+   cgitb.enable(display=0, logdir="/path/to/logdir")
 
 It's very helpful to use this feature during script development. The reports
 produced by :mod:`cgitb` provide information that can save you a lot of time in
diff --git a/Doc/library/compiler.rst b/Doc/library/compiler.rst
--- a/Doc/library/compiler.rst
+++ b/Doc/library/compiler.rst
@@ -540,7 +540,7 @@
 AST looks like, and how to access attributes of an AST node.
 
 The first module defines a single function.  Assume it is stored in
-:file:`/tmp/doublelib.py`.  ::
+:file:`doublelib.py`.  ::
 
    """This is an example module.
 
@@ -557,7 +557,7 @@
 :mod:`compiler.ast` module. ::
 
    >>> import compiler
-   >>> mod = compiler.parseFile("/tmp/doublelib.py")
+   >>> mod = compiler.parseFile("doublelib.py")
    >>> mod
    Module('This is an example module.\n\nThis is the docstring.\n',
           Stmt([Function(None, 'double', ['x'], [], 0,
diff --git a/Doc/library/gzip.rst b/Doc/library/gzip.rst
--- a/Doc/library/gzip.rst
+++ b/Doc/library/gzip.rst
@@ -93,7 +93,7 @@
 Example of how to read a compressed file::
 
    import gzip
-   f = gzip.open('/home/joe/file.txt.gz', 'rb')
+   f = gzip.open('file.txt.gz', 'rb')
    file_content = f.read()
    f.close()
 
@@ -101,15 +101,15 @@
 
    import gzip
    content = "Lots of content here"
-   f = gzip.open('/home/joe/file.txt.gz', 'wb')
+   f = gzip.open('file.txt.gz', 'wb')
    f.write(content)
    f.close()
 
 Example of how to GZIP compress an existing file::
 
    import gzip
-   f_in = open('/home/joe/file.txt', 'rb')
-   f_out = gzip.open('/home/joe/file.txt.gz', 'wb')
+   f_in = open('file.txt', 'rb')
+   f_out = gzip.open('file.txt.gz', 'wb')
    f_out.writelines(f_in)
    f_out.close()
    f_in.close()
diff --git a/Doc/library/imghdr.rst b/Doc/library/imghdr.rst
--- a/Doc/library/imghdr.rst
+++ b/Doc/library/imghdr.rst
@@ -68,6 +68,6 @@
 Example::
 
    >>> import imghdr
-   >>> imghdr.what('/tmp/bass.gif')
+   >>> imghdr.what('bass.gif')
    'gif'
 
diff --git a/Doc/library/mailcap.rst b/Doc/library/mailcap.rst
--- a/Doc/library/mailcap.rst
+++ b/Doc/library/mailcap.rst
@@ -71,6 +71,6 @@
 
    >>> import mailcap
    >>> d=mailcap.getcaps()
-   >>> mailcap.findmatch(d, 'video/mpeg', filename='/tmp/tmp1223')
-   ('xmpeg /tmp/tmp1223', {'view': 'xmpeg %s'})
+   >>> mailcap.findmatch(d, 'video/mpeg', filename='tmp1223')
+   ('xmpeg tmp1223', {'view': 'xmpeg %s'})
 
diff --git a/Doc/library/nntplib.rst b/Doc/library/nntplib.rst
--- a/Doc/library/nntplib.rst
+++ b/Doc/library/nntplib.rst
@@ -46,7 +46,7 @@
 headers, and that you have right to post on the particular newsgroup)::
 
    >>> s = NNTP('news.gmane.org')
-   >>> f = open('/tmp/article')
+   >>> f = open('articlefile')
    >>> s.post(f)
    '240 Article posted successfully.'
    >>> s.quit()
diff --git a/Doc/library/optparse.rst b/Doc/library/optparse.rst
--- a/Doc/library/optparse.rst
+++ b/Doc/library/optparse.rst
@@ -173,10 +173,10 @@
 
 For example, consider this hypothetical command-line::
 
-   prog -v --report /tmp/report.txt foo bar
+   prog -v --report report.txt foo bar
 
 ``-v`` and ``--report`` are both options.  Assuming that ``--report``
-takes one argument, ``/tmp/report.txt`` is an option argument.  ``foo`` and
+takes one argument, ``report.txt`` is an option argument.  ``foo`` and
 ``bar`` are positional arguments.
 
 
diff --git a/Doc/library/pipes.rst b/Doc/library/pipes.rst
--- a/Doc/library/pipes.rst
+++ b/Doc/library/pipes.rst
@@ -24,12 +24,12 @@
 Example::
 
    >>> import pipes
-   >>> t=pipes.Template()
+   >>> t = pipes.Template()
    >>> t.append('tr a-z A-Z', '--')
-   >>> f=t.open('/tmp/1', 'w')
+   >>> f = t.open('pipefile', 'w')
    >>> f.write('hello world')
    >>> f.close()
-   >>> open('/tmp/1').read()
+   >>> open('pipefile').read()
    'HELLO WORLD'
 
 
diff --git a/Doc/library/posixfile.rst b/Doc/library/posixfile.rst
--- a/Doc/library/posixfile.rst
+++ b/Doc/library/posixfile.rst
@@ -181,7 +181,7 @@
 
    import posixfile
 
-   file = posixfile.open('/tmp/test', 'w')
+   file = posixfile.open('testfile', 'w')
    file.lock('w|')
    ...
    file.lock('u')
diff --git a/Doc/library/trace.rst b/Doc/library/trace.rst
--- a/Doc/library/trace.rst
+++ b/Doc/library/trace.rst
@@ -200,7 +200,7 @@
    # run the new command using the given tracer
    tracer.run('main()')
 
-   # make a report, placing output in /tmp
+   # make a report, placing output in the current directory
    r = tracer.results()
-   r.write_results(show_missing=True, coverdir="/tmp")
+   r.write_results(show_missing=True, coverdir=".")
 
diff --git a/Doc/library/zipimport.rst b/Doc/library/zipimport.rst
--- a/Doc/library/zipimport.rst
+++ b/Doc/library/zipimport.rst
@@ -19,7 +19,7 @@
 also allows an item of :data:`sys.path` to be a string naming a ZIP file archive.
 The ZIP archive can contain a subdirectory structure to support package imports,
 and a path within the archive can be specified to only import from a
-subdirectory.  For example, the path :file:`/tmp/example.zip/lib/` would only
+subdirectory.  For example, the path :file:`example.zip/lib/` would only
 import from the :file:`lib/` subdirectory within the archive.
 
 Any files may be present in the ZIP archive, but only files :file:`.py` and
@@ -151,8 +151,8 @@
 Here is an example that imports a module from a ZIP archive - note that the
 :mod:`zipimport` module is not explicitly used. ::
 
-   $ unzip -l /tmp/example.zip
-   Archive:  /tmp/example.zip
+   $ unzip -l example.zip
+   Archive:  example.zip
      Length     Date   Time    Name
     --------    ----   ----    ----
         8467  11-26-02 22:30   jwzthreading.py
@@ -161,8 +161,8 @@
    $ ./python
    Python 2.3 (#1, Aug 1 2003, 19:54:32)
    >>> import sys
-   >>> sys.path.insert(0, '/tmp/example.zip')  # Add .zip file to front of path
+   >>> sys.path.insert(0, 'example.zip')  # Add .zip file to front of path
    >>> import jwzthreading
    >>> jwzthreading.__file__
-   '/tmp/example.zip/jwzthreading.py'
+   'example.zip/jwzthreading.py'
 
diff --git a/Doc/tutorial/inputoutput.rst b/Doc/tutorial/inputoutput.rst
--- a/Doc/tutorial/inputoutput.rst
+++ b/Doc/tutorial/inputoutput.rst
@@ -236,9 +236,9 @@
 
 ::
 
-   >>> f = open('/tmp/workfile', 'w')
+   >>> f = open('workfile', 'w')
    >>> print f
-   <open file '/tmp/workfile', mode 'w' at 80a0960>
+   <open file 'workfile', mode 'w' at 80a0960>
 
 The first argument is a string containing the filename.  The second argument is
 another string containing a few characters describing the way in which the file
@@ -339,7 +339,7 @@
 the reference point.  *from_what* can be omitted and defaults to 0, using the
 beginning of the file as the reference point. ::
 
-   >>> f = open('/tmp/workfile', 'r+')
+   >>> f = open('workfile', 'r+')
    >>> f.write('0123456789abcdef')
    >>> f.seek(5)     # Go to the 6th byte in the file
    >>> f.read(1)
@@ -363,7 +363,7 @@
 suite finishes, even if an exception is raised on the way.  It is also much
 shorter than writing equivalent :keyword:`try`\ -\ :keyword:`finally` blocks::
 
-    >>> with open('/tmp/workfile', 'r') as f:
+    >>> with open('workfile', 'r') as f:
     ...     read_data = f.read()
     >>> f.closed
     True
diff --git a/Misc/ACKS b/Misc/ACKS
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -1081,6 +1081,7 @@
 Gerald S. Williams
 Steven Willis
 Frank Willison
+Geoff Wilson
 Greg V. Wilson
 J Derek Wilson
 Paul Winkler
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -926,6 +926,10 @@
 Documentation
 -------------
 
+- Issue #8890: Stop advertising an insecure practice by replacing uses
+  of the /tmp directory with better alternatives in the documentation.
+  Patch by Geoff Wilson.
+
 - Issue #17203: add long option names to unittest discovery docs.
 
 - Issue #13094: add "Why do lambdas defined in a loop with different values

-- 
Repository URL: http://hg.python.org/cpython


More information about the Python-checkins mailing list