[Python-checkins] bpo-42278: Use tempfile.TemporaryDirectory rather than tempfile.mktemp in pydoc (GH-23200) (GH-28025)

ambv webhook-mailer at python.org
Sun Aug 29 08:56:50 EDT 2021

commit: 45409518c1cec5ee91d49f69a2f8eb4196d242f0
branch: 3.9
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: ambv <lukasz at langa.pl>
date: 2021-08-29T14:56:45+02:00

bpo-42278: Use tempfile.TemporaryDirectory rather than tempfile.mktemp in pydoc (GH-23200) (GH-28025)

Co-authored-by: Łukasz Langa <lukasz at langa.pl>
(cherry picked from commit c9227df5a9d8e958a2324cf0deba8524d1ded26a)

Co-authored-by: E-Paine <63801254+E-Paine at users.noreply.github.com>

A Misc/NEWS.d/next/Security/2021-08-29-12-39-44.bpo-42278.jvmQz_.rst
M Lib/pydoc.py

diff --git a/Lib/pydoc.py b/Lib/pydoc.py
index bdc0849f6af7a..4f9d227ff4603 100755
--- a/Lib/pydoc.py
+++ b/Lib/pydoc.py
@@ -1617,13 +1617,14 @@ def pipepager(text, cmd):
 def tempfilepager(text, cmd):
     """Page through text by invoking a program on a temporary file."""
     import tempfile
-    filename = tempfile.mktemp()
-    with open(filename, 'w', errors='backslashreplace') as file:
-        file.write(text)
-    try:
+    with tempfile.TemporaryDirectory() as tempdir:
+        filename = os.path.join(tempdir, 'pydoc.out')
+        with open(filename, 'w', errors='backslashreplace',
+                  encoding=os.device_encoding(0) if
+                  sys.platform == 'win32' else None
+                  ) as file:
+            file.write(text)
         os.system(cmd + ' "' + filename + '"')
-    finally:
-        os.unlink(filename)
 def _escape_stdout(text):
     # Escape non-encodable characters to avoid encoding errors later
diff --git a/Misc/NEWS.d/next/Security/2021-08-29-12-39-44.bpo-42278.jvmQz_.rst b/Misc/NEWS.d/next/Security/2021-08-29-12-39-44.bpo-42278.jvmQz_.rst
new file mode 100644
index 0000000000000..db880cd9026da
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-08-29-12-39-44.bpo-42278.jvmQz_.rst
@@ -0,0 +1,2 @@
+Replaced usage of :func:`tempfile.mktemp` with
+:class:`~tempfile.TemporaryDirectory` to avoid a potential race condition.

More information about the Python-checkins mailing list