From 10e5c4a1c297d0c7a22f866b9941ac71f70d0dd6 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Thu, 4 Aug 2011 22:21:30 +0200
Subject: Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded
 attachments are not deleted on Windows r=glob a=LpSolit

---
 Bugzilla/Attachment.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm
index c0ea6ca0d..7cd350dde 100644
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -795,7 +795,10 @@ sub create {
     # If we have a filehandle, we need its content to store it in the DB.
     elsif (ref $data) {
         local $/;
-        $data = <$data>;
+        # Store the content in a temp variable while we close the FH.
+        my $tmp = <$data>;
+        close $data;
+        $data = $tmp;
     }
 
     my $sth = $dbh->prepare("INSERT INTO attach_data
-- 
cgit v1.2.3-24-g4f1b