From 9f74c6cf7d0fd6188194e7bba8f059843b9c3c89 Mon Sep 17 00:00:00 2001 From: Petri Lehtinen Date: Sat, 23 Feb 2013 19:26:56 +0100 Subject: [PATCH] Issue #8890: Stop advertising an insecure use of /tmp in docs --- Doc/install/index.rst | 2 +- Doc/library/atexit.rst | 4 ++-- Doc/library/cgi.rst | 2 +- Doc/library/imghdr.rst | 2 +- Doc/library/mailcap.rst | 4 ++-- Doc/library/nntplib.rst | 2 +- Doc/library/optparse.rst | 4 ++-- Doc/library/pipes.rst | 6 +++--- Doc/library/sqlite3.rst | 4 ++-- Doc/library/trace.rst | 4 ++-- Doc/library/zipimport.rst | 10 +++++----- Doc/tutorial/inputoutput.rst | 8 ++++---- Misc/ACKS | 1 + Misc/NEWS | 4 ++++ 14 files changed, 31 insertions(+), 26 deletions(-) diff --git a/Doc/install/index.rst b/Doc/install/index.rst index 52c75dc58e..c31b1983ce 100644 --- a/Doc/install/index.rst +++ b/Doc/install/index.rst @@ -189,7 +189,7 @@ under the distribution root; if you're excessively concerned with speed, or want to keep the source tree pristine, you can change the build directory with the :option:`--build-base` option. For example:: - python setup.py build --build-base=/tmp/pybuild/foo-1.0 + python setup.py build --build-base=/path/to/pybuild/foo-1.0 (Or you could do this permanently with a directive in your system or personal Distutils configuration file; see section :ref:`inst-config-files`.) Normally, this diff --git a/Doc/library/atexit.rst b/Doc/library/atexit.rst index 7c76bab50d..01cf379df2 100644 --- a/Doc/library/atexit.rst +++ b/Doc/library/atexit.rst @@ -67,7 +67,7 @@ automatically when the program terminates without relying on the application making an explicit call into this module at termination. :: try: - _count = int(open("/tmp/counter").read()) + _count = int(open("counter").read()) except IOError: _count = 0 @@ -76,7 +76,7 @@ making an explicit call into this module at termination. :: _count = _count + n def savecounter(): - open("/tmp/counter", "w").write("%d" % _count) + open("counter", "w").write("%d" % _count) import atexit atexit.register(savecounter) diff --git a/Doc/library/cgi.rst b/Doc/library/cgi.rst index 21509d1f05..478c95a9b0 100644 --- a/Doc/library/cgi.rst +++ b/Doc/library/cgi.rst @@ -79,7 +79,7 @@ program to users of your script, you can have the reports saved to files instead, with code like this:: import cgitb - cgitb.enable(display=0, logdir="/tmp") + cgitb.enable(display=0, logdir="/path/to/logdir") It's very helpful to use this feature during script development. The reports produced by :mod:`cgitb` provide information that can save you a lot of time in diff --git a/Doc/library/imghdr.rst b/Doc/library/imghdr.rst index 32ec9cfc2f..9e8952339c 100644 --- a/Doc/library/imghdr.rst +++ b/Doc/library/imghdr.rst @@ -65,6 +65,6 @@ to this variable: Example:: >>> import imghdr - >>> imghdr.what('/tmp/bass.gif') + >>> imghdr.what('bass.gif') 'gif' diff --git a/Doc/library/mailcap.rst b/Doc/library/mailcap.rst index 4bb31bfc05..8115e42603 100644 --- a/Doc/library/mailcap.rst +++ b/Doc/library/mailcap.rst @@ -71,6 +71,6 @@ An example usage:: >>> import mailcap >>> d=mailcap.getcaps() - >>> mailcap.findmatch(d, 'video/mpeg', filename='/tmp/tmp1223') - ('xmpeg /tmp/tmp1223', {'view': 'xmpeg %s'}) + >>> mailcap.findmatch(d, 'video/mpeg', filename='tmp1223') + ('xmpeg tmp1223', {'view': 'xmpeg %s'}) diff --git a/Doc/library/nntplib.rst b/Doc/library/nntplib.rst index 247efb7deb..ef8b9b54a1 100644 --- a/Doc/library/nntplib.rst +++ b/Doc/library/nntplib.rst @@ -47,7 +47,7 @@ To post an article from a binary file (this assumes that the article has valid headers, and that you have right to post on the particular newsgroup):: >>> s = nntplib.NNTP('news.gmane.org') - >>> f = open('/tmp/article.txt', 'rb') + >>> f = open('article.txt', 'rb') >>> s.post(f) '240 Article posted successfully.' >>> s.quit() diff --git a/Doc/library/optparse.rst b/Doc/library/optparse.rst index 6a03edf134..13395b636d 100644 --- a/Doc/library/optparse.rst +++ b/Doc/library/optparse.rst @@ -171,10 +171,10 @@ required option For example, consider this hypothetical command-line:: - prog -v --report /tmp/report.txt foo bar + prog -v --report report.txt foo bar ``-v`` and ``--report`` are both options. Assuming that ``--report`` -takes one argument, ``/tmp/report.txt`` is an option argument. ``foo`` and +takes one argument, ``report.txt`` is an option argument. ``foo`` and ``bar`` are positional arguments. diff --git a/Doc/library/pipes.rst b/Doc/library/pipes.rst index 016a720470..69e891db29 100644 --- a/Doc/library/pipes.rst +++ b/Doc/library/pipes.rst @@ -26,12 +26,12 @@ The :mod:`pipes` module defines the following class: Example:: >>> import pipes - >>> t=pipes.Template() + >>> t = pipes.Template() >>> t.append('tr a-z A-Z', '--') - >>> f=t.open('/tmp/1', 'w') + >>> f = t.open('pipefile', 'w') >>> f.write('hello world') >>> f.close() - >>> open('/tmp/1').read() + >>> open('pipefile').read() 'HELLO WORLD' diff --git a/Doc/library/sqlite3.rst b/Doc/library/sqlite3.rst index 28edfcff21..0d7baef165 100644 --- a/Doc/library/sqlite3.rst +++ b/Doc/library/sqlite3.rst @@ -18,10 +18,10 @@ with the DB-API 2.0 specification described by :pep:`249`. To use the module, you must first create a :class:`Connection` object that represents the database. Here the data will be stored in the -:file:`/tmp/example` file:: +:file:`example.db` file:: import sqlite3 - conn = sqlite3.connect('/tmp/example') + conn = sqlite3.connect('example.db') You can also supply the special name ``:memory:`` to create a database in RAM. diff --git a/Doc/library/trace.rst b/Doc/library/trace.rst index c4ddc56cf2..9b52f7d18d 100644 --- a/Doc/library/trace.rst +++ b/Doc/library/trace.rst @@ -201,7 +201,7 @@ A simple example demonstrating the use of the programmatic interface:: # run the new command using the given tracer tracer.run('main()') - # make a report, placing output in /tmp + # make a report, placing output in the current directory r = tracer.results() - r.write_results(show_missing=True, coverdir="/tmp") + r.write_results(show_missing=True, coverdir=".") diff --git a/Doc/library/zipimport.rst b/Doc/library/zipimport.rst index 4f170924e9..60b2bd1835 100644 --- a/Doc/library/zipimport.rst +++ b/Doc/library/zipimport.rst @@ -16,7 +16,7 @@ Typically, :data:`sys.path` is a list of directory names as strings. This modul also allows an item of :data:`sys.path` to be a string naming a ZIP file archive. The ZIP archive can contain a subdirectory structure to support package imports, and a path within the archive can be specified to only import from a -subdirectory. For example, the path :file:`/tmp/example.zip/lib/` would only +subdirectory. For example, the path :file:`example.zip/lib/` would only import from the :file:`lib/` subdirectory within the archive. Any files may be present in the ZIP archive, but only files :file:`.py` and @@ -144,8 +144,8 @@ Examples Here is an example that imports a module from a ZIP archive - note that the :mod:`zipimport` module is not explicitly used. :: - $ unzip -l /tmp/example.zip - Archive: /tmp/example.zip + $ unzip -l example.zip + Archive: example.zip Length Date Time Name -------- ---- ---- ---- 8467 11-26-02 22:30 jwzthreading.py @@ -154,8 +154,8 @@ Here is an example that imports a module from a ZIP archive - note that the $ ./python Python 2.3 (#1, Aug 1 2003, 19:54:32) >>> import sys - >>> sys.path.insert(0, '/tmp/example.zip') # Add .zip file to front of path + >>> sys.path.insert(0, 'example.zip') # Add .zip file to front of path >>> import jwzthreading >>> jwzthreading.__file__ - '/tmp/example.zip/jwzthreading.py' + 'example.zip/jwzthreading.py' diff --git a/Doc/tutorial/inputoutput.rst b/Doc/tutorial/inputoutput.rst index 1324359326..c804e25c8c 100644 --- a/Doc/tutorial/inputoutput.rst +++ b/Doc/tutorial/inputoutput.rst @@ -234,12 +234,12 @@ two arguments: ``open(filename, mode)``. :: - >>> f = open('/tmp/workfile', 'w') + >>> f = open('workfile', 'w') .. XXX str(f) is >>> print(f) - + The first argument is a string containing the filename. The second argument is another string containing a few characters describing the way in which the file @@ -346,7 +346,7 @@ of the file, 1 uses the current file position, and 2 uses the end of the file as the reference point. *from_what* can be omitted and defaults to 0, using the beginning of the file as the reference point. :: - >>> f = open('/tmp/workfile', 'rb+') + >>> f = open('workfile', 'rb+') >>> f.write(b'0123456789abcdef') 16 >>> f.seek(5) # Go to the 6th byte in the file @@ -377,7 +377,7 @@ objects. This has the advantage that the file is properly closed after its suite finishes, even if an exception is raised on the way. It is also much shorter than writing equivalent :keyword:`try`\ -\ :keyword:`finally` blocks:: - >>> with open('/tmp/workfile', 'r') as f: + >>> with open('workfile', 'r') as f: ... read_data = f.read() >>> f.closed True diff --git a/Misc/ACKS b/Misc/ACKS index bdb39f29e0..39195ef665 100644 --- a/Misc/ACKS +++ b/Misc/ACKS @@ -1170,6 +1170,7 @@ Sue Williams Gerald S. Williams Steven Willis Frank Willison +Geoff Wilson Greg V. Wilson J Derek Wilson Paul Winkler diff --git a/Misc/NEWS b/Misc/NEWS index e5c37fae9e..1550d0e6ab 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -1078,6 +1078,10 @@ Tools/Demos Documentation ------------- +- Issue #8890: Stop advertising an insecure practice by replacing uses + of the /tmp directory with better alternatives in the documentation. + Patch by Geoff Wilson. + - Issue #17203: add long option names to unittest discovery docs. - Issue #13094: add "Why do lambdas defined in a loop with different values -- 2.40.0