Bug 197153: Fix for insecure temporary filename handling.

Patch by Brad Baetz <bbaetz@acm.org> r= justdave, gerv a= justdave
author: justdave%syndicomm.com <> 2003-04-25 06:17:29 +0200
committer: justdave%syndicomm.com <> 2003-04-25 06:17:29 +0200
commit: 901c2d3a8ad01b13111145ec63234f3bd6f02871 (patch)
tree: cfdf672df926572faac9cfe570767fce56c8e65c /globals.pl
parent: e9841817aa2bb7aef16e6499a9db2d5254a31c5f (diff)
download: bugzilla-901c2d3a8ad01b13111145ec63234f3bd6f02871.tar.gz
bugzilla-901c2d3a8ad01b13111145ec63234f3bd6f02871.tar.xz
1 files changed, 24 insertions, 22 deletions
diff --git a/globals.pl b/globals.pl
index 38833ce15..805bba882 100644
--- a/globals.pl
+++ b/globals.pl
@@ -237,19 +237,21 @@ sub GenerateVersionTable {
 
     my @list = sort { uc($a) cmp uc($b)} keys(%::versions);
     @::legal_product = @list;
-    my $tmpname = "data/versioncache.$$";
-    open(FID, ">$tmpname") || die "Can't create $tmpname";
 
-    print FID "#\n";
-    print FID "# DO NOT EDIT!\n";
-    print FID "# This file is automatically generated at least once every\n";
-    print FID "# hour by the GenerateVersionTable() sub in globals.pl.\n";
-    print FID "# Any changes you make will be overwritten.\n";
-    print FID "#\n";
+    require File::Temp;
+    my ($fh, $tmpname) = File::Temp::tempfile("versioncache.XXXXX",
+                                              DIR => "data");
+
+    print $fh "#\n";
+    print $fh "# DO NOT EDIT!\n";
+    print $fh "# This file is automatically generated at least once every\n";
+    print $fh "# hour by the GenerateVersionTable() sub in globals.pl.\n";
+    print $fh "# Any changes you make will be overwritten.\n";
+    print $fh "#\n";
 
     require Data::Dumper;
-    print FID Data::Dumper->Dump([\@::log_columns, \%::versions],
-                                 ['*::log_columns', '*::versions']);
+    print($fh,Data::Dumper->Dump([\@::log_columns, \%::versions],
+                                 ['*::log_columns', '*::versions']));
 
     foreach my $i (@list) {
         if (!defined $::components{$i}) {
@@ -257,23 +259,23 @@ sub GenerateVersionTable {
         }
     }
     @::legal_versions = sort {uc($a) cmp uc($b)} keys(%varray);
-    print FID Data::Dumper->Dump([\@::legal_versions, \%::components],
-                                 ['*::legal_versions', '*::components']);
+    print($fh,Data::Dumper->Dump([\@::legal_versions, \%::components],
+                                 ['*::legal_versions', '*::components']));
     @::legal_components = sort {uc($a) cmp uc($b)} keys(%carray);
 
-    print FID Data::Dumper->Dump([\@::legal_components, \@::legal_product,
+    print($fh,Data::Dumper->Dump([\@::legal_components, \@::legal_product,
                                   \@::legal_priority, \@::legal_severity,
                                   \@::legal_platform, \@::legal_opsys,
                                   \@::legal_bug_status, \@::legal_resolution],
                                  ['*::legal_components', '*::legal_product',
                                   '*::legal_priority', '*::legal_severity',
                                   '*::legal_platform', '*::legal_opsys',
-                                  '*::legal_bug_status', '*::legal_resolution']);
+                                  '*::legal_bug_status', '*::legal_resolution']));
 
-    print FID Data::Dumper->Dump([\@::settable_resolution, \%::proddesc,
+    print($fh,Data::Dumper->Dump([\@::settable_resolution, \%::proddesc,
                                   \@::enterable_products, \%::prodmaxvotes],
                                  ['*::settable_resolution', '*::proddesc',
-                                  '*::enterable_products', '*::prodmaxvotes']);
+                                  '*::enterable_products', '*::prodmaxvotes']));
 
     if ($dotargetmilestone) {
         # reading target milestones in from the database - matthew@zeroknowledge.com
@@ -296,12 +298,12 @@ sub GenerateVersionTable {
             }
         }
 
-        print FID Data::Dumper->Dump([\%::target_milestone,
+        print($fh,Data::Dumper->Dump([\%::target_milestone,
                                       \@::legal_target_milestone,
                                       \%::milestoneurl],
                                      ['*::target_milestone',
                                       '*::legal_target_milestone',
-                                      '*::milestoneurl']);
+                                      '*::milestoneurl']));
     }
 
     SendSQL("SELECT id, name FROM keyworddefs ORDER BY name");
@@ -312,11 +314,11 @@ sub GenerateVersionTable {
         $::keywordsbyname{$name} = $id;
     }
 
-    print FID Data::Dumper->Dump([\@::legal_keywords, \%::keywordsbyname],
-                                 ['*::legal_keywords', '*::keywordsbyname']);
+    print($fh,Data::Dumper->Dump([\@::legal_keywords, \%::keywordsbyname],
+                                 ['*::legal_keywords', '*::keywordsbyname']));
 
-    print FID "1;\n";
-    close FID;
+    print $fh "1;\n";
+    close $fh;
 
     rename $tmpname, "data/versioncache" || die "Can't rename $tmpname to versioncache";
     ChmodDataFile('data/versioncache', 0666);
author	justdave%syndicomm.com <>	2003-04-25 06:17:29 +0200
committer	justdave%syndicomm.com <>	2003-04-25 06:17:29 +0200
commit	901c2d3a8ad01b13111145ec63234f3bd6f02871 (patch)
tree	cfdf672df926572faac9cfe570767fce56c8e65c /globals.pl
parent	e9841817aa2bb7aef16e6499a9db2d5254a31c5f (diff)
download	bugzilla-901c2d3a8ad01b13111145ec63234f3bd6f02871.tar.gz bugzilla-901c2d3a8ad01b13111145ec63234f3bd6f02871.tar.xz