summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2011-08-04 22:21:30 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2011-08-04 22:21:30 +0200
commit10e5c4a1c297d0c7a22f866b9941ac71f70d0dd6 (patch)
tree70a082f755f9db383bb339bb1b55e0c3eb0b85a7
parent5d70d16f37a866852e6a48ec9fefe3664a6a9a55 (diff)
downloadbugzilla-10e5c4a1c297d0c7a22f866b9941ac71f70d0dd6.tar.gz
bugzilla-10e5c4a1c297d0c7a22f866b9941ac71f70d0dd6.tar.xz
Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments are not deleted on Windows
r=glob a=LpSolit
-rw-r--r--Bugzilla/Attachment.pm5
1 files changed, 4 insertions, 1 deletions
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm
index c0ea6ca0d..7cd350dde 100644
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -795,7 +795,10 @@ sub create {
# If we have a filehandle, we need its content to store it in the DB.
elsif (ref $data) {
local $/;
- $data = <$data>;
+ # Store the content in a temp variable while we close the FH.
+ my $tmp = <$data>;
+ close $data;
+ $data = $tmp;
}
my $sth = $dbh->prepare("INSERT INTO attach_data