summaryrefslogtreecommitdiffstats
path: root/search_plugin.cgi
diff options
context:
space:
mode:
authorGervase Markham <gerv@mozilla.org>2015-01-21 20:49:57 +0100
committerDavid Lawrence <dkl@mozilla.com>2015-01-21 20:49:57 +0100
commit4dabf1a9c679f06b3637d3c76e1e05aa83a6d259 (patch)
tree93ec377d81b16ad7caccc28c4954048358aa431b /search_plugin.cgi
parent367d9c2f6efd2cc53b773f0c1cc9e19a8d82c5be (diff)
downloadbugzilla-4dabf1a9c679f06b3637d3c76e1e05aa83a6d259.tar.gz
bugzilla-4dabf1a9c679f06b3637d3c76e1e05aa83a6d259.tar.xz
Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dylan,a=simon
Diffstat (limited to 'search_plugin.cgi')
-rwxr-xr-xsearch_plugin.cgi2
1 files changed, 1 insertions, 1 deletions
diff --git a/search_plugin.cgi b/search_plugin.cgi
index 7de8bed5f..0b628f32e 100755
--- a/search_plugin.cgi
+++ b/search_plugin.cgi
@@ -27,7 +27,7 @@ print $cgi->header('application/xml');
# Get the contents of favicon.ico
my $filename = bz_locations()->{'libpath'} . "/images/favicon.ico";
-if (open(IN, $filename)) {
+if (open(IN, '<', $filename)) {
local $/;
binmode IN;
$vars->{'favicon'} = <IN>;