From 10e5c4a1c297d0c7a22f866b9941ac71f70d0dd6 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Thu, 4 Aug 2011 22:21:30 +0200 Subject: Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments are not deleted on Windows r=glob a=LpSolit --- Bugzilla/Attachment.pm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index c0ea6ca0d..7cd350dde 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -795,7 +795,10 @@ sub create { # If we have a filehandle, we need its content to store it in the DB. elsif (ref $data) { local $/; - $data = <$data>; + # Store the content in a temp variable while we close the FH. + my $tmp = <$data>; + close $data; + $data = $tmp; } my $sth = $dbh->prepare("INSERT INTO attach_data -- cgit v1.2.3-24-g4f1b