Added a warning regarding risks in serving user uploaded media.

Thanks Preston Holmes for the draft text.
2025-10-23 21:59:11 +00:00 · 2013-11-13 07:38:03 -05:00
parent 041a076dad
commit df6760f12c
3 changed files with 58 additions and 4 deletions
--- a/docs/topics/http/file-uploads.txt
+++ b/docs/topics/http/file-uploads.txt
@@ -10,6 +10,12 @@ When Django handles a file upload, the file data ends up placed in
 </ref/request-response>`). This document explains how files are stored on disk
 and in memory, and how to customize the default behavior.

+.. warning::
+
+    There are security risks if you are accepting uploaded content from
+    untrusted users! See the security guide's topic on
+    :ref:`user-uploaded-content-security` for mitigation details.
+
 Basic file uploads
 ==================