diff options
Diffstat (limited to 'docs/ref/models/fields.txt')
| -rw-r--r-- | docs/ref/models/fields.txt | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/ref/models/fields.txt b/docs/ref/models/fields.txt index 9847560504..d7336d7001 100644 --- a/docs/ref/models/fields.txt +++ b/docs/ref/models/fields.txt @@ -857,7 +857,7 @@ takes a few steps: full path to a directory where you'd like Django to store uploaded files. (For performance, these files are not stored in the database.) Define :setting:`MEDIA_URL` as the base public URL of that directory. Make sure - that this directory is writable by the Web server's user account. + that this directory is writable by the web server's user account. #. Add the :class:`FileField` or :class:`ImageField` to your model, defining the :attr:`~FileField.upload_to` option to specify a subdirectory of @@ -900,7 +900,7 @@ Note that whenever you deal with uploaded files, you should pay close attention to where you're uploading them and what type of files they are, to avoid security holes. *Validate all uploaded files* so that you're sure the files are what you think they are. For example, if you blindly let somebody upload files, -without validation, to a directory that's within your Web server's document +without validation, to a directory that's within your web server's document root, then somebody could upload a CGI or PHP script and execute that script by visiting its URL on your site. Don't allow that. |