1616
1717--------------
1818
19- This module generates temporary files and directories. It works on all
20- supported platforms. It provides three new functions,
21- :func: `NamedTemporaryFile `, :func: `mkstemp `, and :func: `mkdtemp `, which should
22- eliminate all remaining need to use the insecure :func: `mktemp ` function.
23- Temporary file names created by this module no longer contain the process ID;
24- instead a string of six random characters is used.
25-
26- Also, all the user-callable functions now take additional arguments which
27- allow direct control over the location and name of temporary files. It is
28- no longer necessary to use the global *tempdir * variable.
19+ This module creates temporary files and directories. It works on all
20+ supported platforms. :class: `TemporaryFile `, :class: `NamedTemporaryFile `,
21+ :class: `TemporaryDirectory `, and :class: `SpooledTemporaryFile ` are high-level
22+ interfaces which provide automatic cleanup and can be used as
23+ context managers. :func: `mkstemp ` and
24+ :func: `mkdtemp ` are lower-level functions which require manual cleanup.
25+
26+ All the user-callable functions and constructors take additional arguments which
27+ allow direct control over the location and name of temporary files and
28+ directories. Files names used by this module include a string of
29+ random characters which allows those files to be securely created in
30+ shared temporary directories.
2931To maintain backward compatibility, the argument order is somewhat odd; it
3032is recommended to use keyword arguments for clarity.
3133
@@ -34,28 +36,33 @@ The module defines the following user-callable items:
3436.. function :: TemporaryFile(mode='w+b', buffering=None, encoding=None, newline=None, suffix='', prefix='tmp', dir=None)
3537
3638 Return a :term: `file-like object ` that can be used as a temporary storage area.
37- The file is created using :func: `mkstemp `. It will be destroyed as soon
39+ The file is created securely, using the same rules as :func: `mkstemp `. It will be destroyed as soon
3840 as it is closed (including an implicit close when the object is garbage
39- collected). Under Unix, the directory entry for the file is removed
41+ collected). Under Unix, the directory entry for the file is either not created at all or is removed
4042 immediately after the file is created. Other platforms do not support
4143 this; your code should not rely on a temporary file created using this
4244 function having or not having a visible name in the file system.
4345
46+ The resulting object can be used as a context manager (see
47+ :ref: `tempfile-examples `). On completion of the context or
48+ destruction of the file object the temporary file will be removed
49+ from the filesystem.
50+
4451 The *mode * parameter defaults to ``'w+b' `` so that the file created can
4552 be read and written without being closed. Binary mode is used so that it
4653 behaves consistently on all platforms without regard for the data that is
4754 stored. *buffering *, *encoding * and *newline * are interpreted as for
4855 :func: `open `.
4956
50- The *dir *, *prefix * and *suffix * parameters are passed to :func: `mkstemp `.
57+ The *dir *, *prefix * and *suffix * parameters have the same meaning
58+ as with :func: `mkstemp `.
5159
5260 The returned object is a true file object on POSIX platforms. On other
5361 platforms, it is a file-like object whose :attr: `!file ` attribute is the
54- underlying true file object. This file-like object can be used in a
55- :keyword: `with ` statement, just like a normal file.
62+ underlying true file object.
5663
5764 The :py:data: `os.O_TMPFILE ` flag is used if it is available and works
58- (Linux-specific, require Linux kernel 3.11 or later).
65+ (Linux-specific, requires Linux kernel 3.11 or later).
5966
6067 .. versionchanged :: 3.5
6168
@@ -101,10 +108,9 @@ The module defines the following user-callable items:
101108
102109.. function :: TemporaryDirectory(suffix='', prefix='tmp', dir=None)
103110
104- This function creates a temporary directory using :func: `mkdtemp `
105- (the supplied arguments are passed directly to the underlying function).
111+ This function securely creates a temporary directory using the same rules as :func: `mkdtemp `.
106112 The resulting object can be used as a context manager (see
107- :ref: `context-managers `). On completion of the context or destruction
113+ :ref: `tempfile-examples `). On completion of the context or destruction
108114 of the temporary directory object the newly created temporary directory
109115 and all its contents are removed from the filesystem.
110116
@@ -194,49 +200,14 @@ The module defines the following user-callable items:
194200 an appropriate default value to be used.
195201
196202
197- .. function :: mktemp(suffix='', prefix='tmp', dir=None)
198-
199- .. deprecated :: 2.3
200- Use :func: `mkstemp ` instead.
201-
202- Return an absolute pathname of a file that did not exist at the time the
203- call is made. The *prefix *, *suffix *, and *dir * arguments are the same
204- as for :func: `mkstemp `.
205-
206- .. warning ::
207-
208- Use of this function may introduce a security hole in your program. By
209- the time you get around to doing anything with the file name it returns,
210- someone else may have beaten you to the punch. :func: `mktemp ` usage can
211- be replaced easily with :func: `NamedTemporaryFile `, passing it the
212- ``delete=False `` parameter::
213-
214- >>> f = NamedTemporaryFile(delete=False)
215- >>> f.name
216- '/tmp/tmptjujjt'
217- >>> f.write(b"Hello World!\n")
218- 13
219- >>> f.close()
220- >>> os.unlink(f.name)
221- >>> os.path.exists(f.name)
222- False
223-
224- The module uses a global variable that tell it how to construct a
225- temporary name. They are initialized at the first call to any of the
226- functions above. The caller may change them, but this is discouraged; use
227- the appropriate function arguments, instead.
228-
203+ .. function :: gettempdir()
229204
230- .. data :: tempdir
205+ Return the name of the directory used for temporary files. This
206+ defines the default value for the *dir * argument to all functions
207+ in this module.
231208
232- When set to a value other than ``None ``, this variable defines the
233- default value for the *dir * argument to all the functions defined in this
234- module.
235-
236- If ``tempdir `` is unset or ``None `` at any call to any of the above
237- functions, Python searches a standard list of directories and sets
238- *tempdir * to the first one which the calling user can create files in.
239- The list is:
209+ Python searches a standard list of directories to find one which
210+ the calling user can create files in. The list is:
240211
241212 #. The directory named by the :envvar: `TMPDIR ` environment variable.
242213
@@ -254,12 +225,8 @@ the appropriate function arguments, instead.
254225
255226 #. As a last resort, the current working directory.
256227
257-
258- .. function :: gettempdir()
259-
260- Return the directory currently selected to create temporary files in. If
261- :data: `tempdir ` is not ``None ``, this simply returns its contents; otherwise,
262- the search described above is performed, and the result returned.
228+ The result of this search is cached, see the description of
229+ :data: `tempdir ` below.
263230
264231.. function :: gettempdirb()
265232
@@ -278,6 +245,23 @@ the appropriate function arguments, instead.
278245
279246 .. versionadded :: 3.5
280247
248+ The module uses a global variable to store the name of the directory
249+ used for temporary files returned by :func: `gettempdir `. It can be
250+ set directly to override the selection process, but this is discouraged.
251+ All functions in this module take a *dir * argument which can be used
252+ to specify the directory and this is the recommend approach.
253+
254+ .. data :: tempdir
255+
256+ When set to a value other than ``None ``, this variable defines the
257+ default value for the *dir * argument to all the functions defined in this
258+ module.
259+
260+ If ``tempdir `` is unset or ``None `` at any call to any of the above
261+ functions except :func: `gettempprefix ` it is initalized following the
262+ algorithm described in :func: `gettempdir `.
263+
264+ .. _tempfile-examples :
281265
282266Examples
283267--------
@@ -311,3 +295,42 @@ Here are some examples of typical usage of the :mod:`tempfile` module::
311295 >>>
312296 # directory and contents have been removed
313297
298+
299+ Deprecated functions and variables
300+ ----------------------------------
301+
302+ A historical way to create temporary files was to first generate a
303+ file name with the :func: `mktemp ` function and then create a file
304+ using this name. Unfortunately this is not secure, because a different
305+ process may create a file with this name in the time between the call
306+ to :func: `mktemp ` and the subsequent attempt to create the file by the
307+ first process. The solution is to combine the two steps and create the
308+ file immediately. This approach is used by :func: `mkstemp ` and the
309+ other functions described above.
310+
311+ .. function :: mktemp(suffix='', prefix='tmp', dir=None)
312+
313+ .. deprecated :: 2.3
314+ Use :func: `mkstemp ` instead.
315+
316+ Return an absolute pathname of a file that did not exist at the time the
317+ call is made. The *prefix *, *suffix *, and *dir * arguments are the same
318+ as for :func: `mkstemp `.
319+
320+ .. warning ::
321+
322+ Use of this function may introduce a security hole in your program. By
323+ the time you get around to doing anything with the file name it returns,
324+ someone else may have beaten you to the punch. :func: `mktemp ` usage can
325+ be replaced easily with :func: `NamedTemporaryFile `, passing it the
326+ ``delete=False `` parameter::
327+
328+ >>> f = NamedTemporaryFile(delete=False)
329+ >>> f.name
330+ '/tmp/tmptjujjt'
331+ >>> f.write(b"Hello World!\n")
332+ 13
333+ >>> f.close()
334+ >>> os.unlink(f.name)
335+ >>> os.path.exists(f.name)
336+ False
0 commit comments