collectstatic --clear is too lax about warning users
|Reported by:||loic84||Owned by:||loic84|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
STATIC_ROOT is not set in the settings.py that ships with the default project template, so STATIC_ROOT = '' from global_settings.py is used instead.
'' is a valid relative path, which means "from the current directory", so in the common case you would wipe your whole project, and in the worst case you can wipe your system (assuming you have sufficient privileges).
This is made worse by another bug: we don't display the affected directory.
isinstance(self.storage, FileSystemStorage) (1) check fails because self.storage is not yet evaluated and still resolves to ConfiguredStorage (2) which is not a
Finally, I think --dry-run should print a message that confirms that the command is really run in dry-run mode. Currently, when you do --dry-run --clear, you get a scary warning that you will delete files and you even have to confirm by typing "yes" just like the real command; that's enough to make you doubt that the --dry-run is effective.
I suggest the following:
- STATIC_ROOT = os.path.join(BASE_DIR, 'static') to the default template.
- Have management commands refuse to run when settings.STATIC_ROOT == None.
- Command.storage one way or another.
- Add a warning when the command is run with
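An added example, not part of the ticket and not Django's code: one way a pre-clear guard could refuse the dangerous targets described above. It goes beyond the `None` check suggested in the ticket by also rejecting `''`, a filesystem root, and any directory that contains the project. The names `check_clear_target`, `UnsafeClearTarget` and `project_dir` are hypothetical.

```python
import os
import tempfile


class UnsafeClearTarget(Exception):
    """The directory must not be handed to a recursive delete."""


def check_clear_target(static_root, project_dir):
    """Return the absolute directory a clear would wipe, or raise.

    Hypothetical helper, not Django's code; project_dir plays BASE_DIR.
    """
    if not static_root:
        # None and the '' default both land here; '' would otherwise
        # resolve to the current working directory.
        raise UnsafeClearTarget(
            "STATIC_ROOT is unset; '' would resolve to %s" % os.getcwd())
    target = os.path.realpath(static_root)
    project = os.path.realpath(project_dir)
    if os.path.dirname(target) == target:
        raise UnsafeClearTarget("%s is a filesystem root" % target)
    # Refuse the project directory itself and any of its ancestors.
    if os.path.commonpath([target, project]) == target:
        raise UnsafeClearTarget("%s contains the project" % target)
    return target


def demo():
    """Check constructed STATIC_ROOT values; return a verdict per value."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as base:  # constructed project dir
        candidates = {
            "empty": "",
            "none": None,
            "project": base,
            "parent": os.path.dirname(base),
            "static": os.path.join(base, "static"),
        }
        for name, value in candidates.items():
            try:
                verdicts[name] = check_clear_target(value, base)
            except UnsafeClearTarget as exc:
                verdicts[name] = "refused: %s" % exc
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```

Because the guard returns the resolved absolute path, the same value can be shown in the confirmation prompt so the user sees exactly which directory would be cleared.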
Change History (13)
comment:1 Changed 3 years ago by
|Patch needs improvement:||unset|
|Triage Stage:||Unreviewed → Accepted|
comment:2 Changed 3 years ago by
|Summary:||collecstatic --clear can potentially wipe clean a user's system. → collecstatic --clear is too lax about warning users|