diff options
author | Gervase Markham <gerv@mozilla.org> | 2015-01-21 20:49:57 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-01-21 20:49:57 +0100 |
commit | 4dabf1a9c679f06b3637d3c76e1e05aa83a6d259 (patch) | |
tree | 93ec377d81b16ad7caccc28c4954048358aa431b /Bugzilla/Install/Filesystem.pm | |
parent | 367d9c2f6efd2cc53b773f0c1cc9e19a8d82c5be (diff) | |
download | bugzilla-4dabf1a9c679f06b3637d3c76e1e05aa83a6d259.tar.gz bugzilla-4dabf1a9c679f06b3637d3c76e1e05aa83a6d259.tar.xz |
Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dylan,a=simon
Diffstat (limited to 'Bugzilla/Install/Filesystem.pm')
-rw-r--r-- | Bugzilla/Install/Filesystem.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index 2120cbc57..64b651c62 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -634,7 +634,7 @@ sub _update_old_charts { ($in_file =~ /\.orig$/i)); rename("$in_file", "$in_file.orig") or next; - open(IN, "$in_file.orig") or next; + open(IN, "<", "$in_file.orig") or next; open(OUT, '>', $in_file) or next; # Fields in the header |