Added a warning regarding risks in serving user uploaded media.

Thanks Preston Holmes for the draft text.
2025-11-02 04:48:33 +00:00 · 2013-11-13 07:38:03 -05:00 · 2013-11-13 07:38:03 -05:00 · df6760f12c
commit df6760f12c
parent 041a076dad
3 changed files with 58 additions and 4 deletions
--- a/docs/topics/http/file-uploads.txt
+++ b/docs/topics/http/file-uploads.txt
@ -10,6 +10,12 @@ When Django handles a file upload, the file data ends up placed in
 </ref/request-response>`). This document explains how files are stored on disk
 and in memory, and how to customize the default behavior.

+.. warning::
+
+    There are security risks if you are accepting uploaded content from
+    untrusted users! See the security guide's topic on
+    :ref:`user-uploaded-content-security` for mitigation details.
+
 Basic file uploads
 ==================