diff options
| author |   Gervase Markham <gerv@mozilla.org> | 2015-01-21 20:06:08 +0000 |
|---|---|---|
| committer |   David Lawrence <dkl@mozilla.com> | 2015-01-21 20:06:08 +0000 |
| commit | 19117cc3e4da268d64107957e4c206d8df875505 (patch) | |
| tree | 81546dbda0b66c7463407c3854ee98689326dc15 /Bugzilla/Install/Filesystem.pm | |
| parent | Bug 1121806: show_bug does not display in IE9 (diff) | |
| download | bugzilla-19117cc3e4da268d64107957e4c206d8df875505.tar.gz bugzilla-19117cc3e4da268d64107957e4c206d8df875505.tar.bz2 bugzilla-19117cc3e4da268d64107957e4c206d8df875505.zip | |
Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dkl,a=glob
Diffstat (limited to 'Bugzilla/Install/Filesystem.pm')
| -rw-r--r-- | Bugzilla/Install/Filesystem.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index 061ca53c7..15fca30ee 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -633,7 +633,7 @@ sub _update_old_charts { ($in_file =~ /\.orig$/i)); rename("$in_file", "$in_file.orig") or next; - open(IN, "$in_file.orig") or next; + open(IN, "<", "$in_file.orig") or next; open(OUT, '>', $in_file) or next; # Fields in the header |