update helpers.send_from_directory docstring (#5599)

CheeseCake87 · web-flow · commit 6c44dd4bb8e4 · 2024-11-06T09:47:57.000-08:00
Update helpers.send_from_directory docstring to match werkzeug.utils.send_from_directory docstring on the :param directory: line.
diff --git a/src/flask/helpers.py b/src/flask/helpers.py
@@ -547,7 +547,8 @@ def download_file(name):
     raises a 404 :exc:`~werkzeug.exceptions.NotFound` error.
 
     :param directory: The directory that ``path`` must be located under,
-        relative to the current application's root path.
+        relative to the current application's root path. This *must not*
+        be a value provided by the client, otherwise it becomes insecure.
     :param path: The path to the file to send, relative to
         ``directory``.
     :param kwargs: Arguments to pass to :func:`send_file`.
