diff options
| author | Gervase Markham <gerv@mozilla.org> | 2015-01-21 20:49:57 +0100 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2015-01-21 20:49:57 +0100 |
| commit | 4dabf1a9c679f06b3637d3c76e1e05aa83a6d259 (patch) | |
| tree | 93ec377d81b16ad7caccc28c4954048358aa431b /reports.cgi | |
| parent | 367d9c2f6efd2cc53b773f0c1cc9e19a8d82c5be (diff) | |
| download | bugzilla-4dabf1a9c679f06b3637d3c76e1e05aa83a6d259.tar.gz bugzilla-4dabf1a9c679f06b3637d3c76e1e05aa83a6d259.tar.xz | |
Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dylan,a=simon
Diffstat (limited to 'reports.cgi')
| -rwxr-xr-x | reports.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/reports.cgi b/reports.cgi index cdc9d4a87..89dee1c9a 100755 --- a/reports.cgi +++ b/reports.cgi @@ -138,7 +138,7 @@ sub generate_chart { my ($dir, $image_file, $product, $datasets) = @_; my $data_file = $dir . '/' . $product->id; - if (! open FILE, $data_file) { + if (!open(FILE, '<', $data_file)) { ThrowCodeError('chart_data_not_generated', {'product' => $product}); } |