summaryrefslogtreecommitdiff
path: root/docs/topics/http
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2013-11-13 07:38:03 -0500
committerTim Graham <timograham@gmail.com>2013-12-02 13:49:47 -0500
commit3f8583a2c8978096be177bc7c95955e65eebee5f (patch)
tree5b382ffc3af79c228a61ff8ee05e755adb2823b2 /docs/topics/http
parent87433c30c766b3cf7f432dbd97bd5413db5daa07 (diff)
[1.6.x] Added a warning regarding risks in serving user uploaded media.
Thanks Preston Holmes for the draft text. Backport of df6760f12c from master
Diffstat (limited to 'docs/topics/http')
-rw-r--r--docs/topics/http/file-uploads.txt6
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/topics/http/file-uploads.txt b/docs/topics/http/file-uploads.txt
index f6fa27e27c..fb6d20583f 100644
--- a/docs/topics/http/file-uploads.txt
+++ b/docs/topics/http/file-uploads.txt
@@ -10,6 +10,12 @@ When Django handles a file upload, the file data ends up placed in
</ref/request-response>`). This document explains how files are stored on disk
and in memory, and how to customize the default behavior.
+.. warning::
+
+ There are security risks if you are accepting uploaded content from
+ untrusted users! See the security guide's topic on
+ :ref:`user-uploaded-content-security` for mitigation details.
+
Basic file uploads
==================