From 901c2d3a8ad01b13111145ec63234f3bd6f02871 Mon Sep 17 00:00:00 2001 From: "justdave%syndicomm.com" <> Date: Fri, 25 Apr 2003 04:17:29 +0000 Subject: Bug 197153: Fix for insecure temporary filename handling. Patch by Brad Baetz r= justdave, gerv a= justdave --- globals.pl | 46 ++++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 22 deletions(-) (limited to 'globals.pl') diff --git a/globals.pl b/globals.pl index 38833ce15..805bba882 100644 --- a/globals.pl +++ b/globals.pl @@ -237,19 +237,21 @@ sub GenerateVersionTable { my @list = sort { uc($a) cmp uc($b)} keys(%::versions); @::legal_product = @list; - my $tmpname = "data/versioncache.$$"; - open(FID, ">$tmpname") || die "Can't create $tmpname"; - print FID "#\n"; - print FID "# DO NOT EDIT!\n"; - print FID "# This file is automatically generated at least once every\n"; - print FID "# hour by the GenerateVersionTable() sub in globals.pl.\n"; - print FID "# Any changes you make will be overwritten.\n"; - print FID "#\n"; + require File::Temp; + my ($fh, $tmpname) = File::Temp::tempfile("versioncache.XXXXX", + DIR => "data"); + + print $fh "#\n"; + print $fh "# DO NOT EDIT!\n"; + print $fh "# This file is automatically generated at least once every\n"; + print $fh "# hour by the GenerateVersionTable() sub in globals.pl.\n"; + print $fh "# Any changes you make will be overwritten.\n"; + print $fh "#\n"; require Data::Dumper; - print FID Data::Dumper->Dump([\@::log_columns, \%::versions], - ['*::log_columns', '*::versions']); + print($fh,Data::Dumper->Dump([\@::log_columns, \%::versions], + ['*::log_columns', '*::versions'])); foreach my $i (@list) { if (!defined $::components{$i}) { 
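Review bot: `print($fh,Data::Dumper->Dump(...))` does not write to the temp file, because the comma after `$fh` makes Perl treat the handle as the first list element and print its stringified form plus the dump to the currently selected handle (normally STDOUT). The same form recurs in the later hunks at the legal_versions, legal_components, settable_resolution, target_milestone and legal_keywords dumps, so the renamed versioncache would hold only the comment header and `1;`, and if this runs under CGI the dumped tables would presumably land in the HTTP response instead. Use the block form with no comma, e.g. `print {$fh} Data::Dumper->Dump([\@::log_columns, \%::versions], ['*::log_columns', '*::versions']);`. GenerateVersionTable starts and ends outside this hunk.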
@@ -257,23 +259,23 @@ sub GenerateVersionTable { } } @::legal_versions = sort {uc($a) cmp uc($b)} keys(%varray); - print FID Data::Dumper->Dump([\@::legal_versions, \%::components], - ['*::legal_versions', '*::components']); + print($fh,Data::Dumper->Dump([\@::legal_versions, \%::components], + ['*::legal_versions', '*::components'])); @::legal_components = sort {uc($a) cmp uc($b)} keys(%carray); - print FID Data::Dumper->Dump([\@::legal_components, \@::legal_product, + print($fh,Data::Dumper->Dump([\@::legal_components, \@::legal_product, \@::legal_priority, \@::legal_severity, \@::legal_platform, \@::legal_opsys, \@::legal_bug_status, \@::legal_resolution], ['*::legal_components', '*::legal_product', '*::legal_priority', '*::legal_severity', '*::legal_platform', '*::legal_opsys', - '*::legal_bug_status', '*::legal_resolution']); + '*::legal_bug_status', '*::legal_resolution'])); - print FID Data::Dumper->Dump([\@::settable_resolution, \%::proddesc, + print($fh,Data::Dumper->Dump([\@::settable_resolution, \%::proddesc, \@::enterable_products, \%::prodmaxvotes], ['*::settable_resolution', '*::proddesc', - '*::enterable_products', '*::prodmaxvotes']); + '*::enterable_products', '*::prodmaxvotes'])); if ($dotargetmilestone) { # reading target milestones in from the database - matthew@zeroknowledge.com @@ -296,12 +298,12 @@ sub GenerateVersionTable { } } - print FID Data::Dumper->Dump([\%::target_milestone, + print($fh,Data::Dumper->Dump([\%::target_milestone, \@::legal_target_milestone, \%::milestoneurl], ['*::target_milestone', '*::legal_target_milestone', - '*::milestoneurl']); + '*::milestoneurl'])); } SendSQL("SELECT id, name FROM keyworddefs ORDER BY name"); 
@@ -312,11 +314,11 @@ sub GenerateVersionTable { $::keywordsbyname{$name} = $id; } - print FID Data::Dumper->Dump([\@::legal_keywords, \%::keywordsbyname], - ['*::legal_keywords', '*::keywordsbyname']); + print($fh,Data::Dumper->Dump([\@::legal_keywords, \%::keywordsbyname], + ['*::legal_keywords', '*::keywordsbyname'])); - print FID "1;\n"; - close FID; + print $fh "1;\n"; + close $fh; rename $tmpname, "data/versioncache" || die "Can't rename $tmpname to versioncache"; ChmodDataFile('data/versioncache', 0666); -- cgit v1.2.3-24-g4f1b
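Review bot: Neither the new `close $fh` nor the `rename` after it is actually checked: in `rename $tmpname, "data/versioncache" || die ...` the `||` binds to the string literal, which is always true, so the die can never run. A failed flush or rename would leave a stale or missing cache and an orphaned temp file in data/ with no error reported. Suggest `close($fh) or die "Can't close $tmpname: $!";` and `rename($tmpname, "data/versioncache") or die "Can't rename $tmpname to versioncache: $!";`. Separately, the `1;` trailer suggests the file is later loaded as Perl code, so the `0666` passed to ChmodDataFile deserves a look unless that helper narrows the mode (it is not visible here, and the function body continues outside this hunk).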