diff options
| author | Gervase Markham <gerv@mozilla.org> | 2015-01-21 20:06:08 +0000 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2015-01-21 20:06:08 +0000 |
| commit | 19117cc3e4da268d64107957e4c206d8df875505 (patch) | |
| tree | 81546dbda0b66c7463407c3854ee98689326dc15 /Bugzilla/Config/Common.pm | |
| parent | 272b0b69b2884d937ffd4b5b01fb89235603c67c (diff) | |
| download | bugs-19117cc3e4da268d64107957e4c206d8df875505.tar bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.gz bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.bz2 bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.xz bugs-19117cc3e4da268d64107957e4c206d8df875505.zip | |
Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dkl,a=glob
Diffstat (limited to 'Bugzilla/Config/Common.pm')
| -rw-r--r-- | Bugzilla/Config/Common.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Bugzilla/Config/Common.pm b/Bugzilla/Config/Common.pm index fe6a2c2c0..414894773 100644 --- a/Bugzilla/Config/Common.pm +++ b/Bugzilla/Config/Common.pm @@ -234,7 +234,7 @@ sub check_webdotbase { # Check .htaccess allows access to generated images my $webdotdir = bz_locations()->{'webdotdir'}; if(-e "$webdotdir/.htaccess") { - open HTACCESS, "$webdotdir/.htaccess"; + open HTACCESS, "<", "$webdotdir/.htaccess"; if(! grep(/ \\\.png\$/,<HTACCESS>)) { return "Dependency graph images are not accessible.\nAssuming that you have not modified the file, delete $webdotdir/.htaccess and re-run checksetup.pl to rectify.\n"; } |