Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection

r=dkl,a=glob
author: Gervase Markham <gerv@mozilla.org> 2015-01-21 20:06:08 +0000
committer: David Lawrence <dkl@mozilla.com> 2015-01-21 20:06:08 +0000
commit: 19117cc3e4da268d64107957e4c206d8df875505 (patch)
tree: 81546dbda0b66c7463407c3854ee98689326dc15 /Bugzilla/Install/CPAN.pm
parent: 272b0b69b2884d937ffd4b5b01fb89235603c67c (diff)
download: bugs-19117cc3e4da268d64107957e4c206d8df875505.tar
bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.gz
bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.bz2
bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.xz
bugs-19117cc3e4da268d64107957e4c206d8df875505.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/Bugzilla/Install/CPAN.pm b/Bugzilla/Install/CPAN.pm
index 19f143190..094784e1a 100644
--- a/Bugzilla/Install/CPAN.pm
+++ b/Bugzilla/Install/CPAN.pm
@@ -196,8 +196,8 @@ sub set_cpan_config {
     # Calling a senseless autoload that does nothing makes us
     # automatically load any existing configuration.
     # We want to avoid the "invalid command" message.
-    open(my $saveout, ">&STDOUT");
-    open(STDOUT, '>/dev/null');
+    open(my $saveout, ">&", "STDOUT");
+    open(STDOUT, '>', '/dev/null');
     eval { CPAN->ignore_this_error_message_from_bugzilla; };
     undef $@;
     close(STDOUT);
author	Gervase Markham <gerv@mozilla.org>	2015-01-21 20:06:08 +0000
committer	David Lawrence <dkl@mozilla.com>	2015-01-21 20:06:08 +0000
commit	19117cc3e4da268d64107957e4c206d8df875505 (patch)
tree	81546dbda0b66c7463407c3854ee98689326dc15 /Bugzilla/Install/CPAN.pm
parent	272b0b69b2884d937ffd4b5b01fb89235603c67c (diff)
download	bugs-19117cc3e4da268d64107957e4c206d8df875505.tar bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.gz bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.bz2 bugs-19117cc3e4da268d64107957e4c206d8df875505.tar.xz bugs-19117cc3e4da268d64107957e4c206d8df875505.zip