From 19117cc3e4da268d64107957e4c206d8df875505 Mon Sep 17 00:00:00 2001
From: Gervase Markham <gerv@mozilla.org>
Date: Wed, 21 Jan 2015 20:06:08 +0000
Subject: Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to
 prevent shell code injection r=dkl,a=glob

---
 Bugzilla/Config/Common.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Bugzilla/Config/Common.pm')

diff --git a/Bugzilla/Config/Common.pm b/Bugzilla/Config/Common.pm
index fe6a2c2c0..414894773 100644
--- a/Bugzilla/Config/Common.pm
+++ b/Bugzilla/Config/Common.pm
@@ -234,7 +234,7 @@ sub check_webdotbase {
         # Check .htaccess allows access to generated images
         my $webdotdir = bz_locations()->{'webdotdir'};
         if(-e "$webdotdir/.htaccess") {
-            open HTACCESS, "$webdotdir/.htaccess";
+            open HTACCESS, "<", "$webdotdir/.htaccess";
             if(! grep(/ \\\.png\$/,<HTACCESS>)) {
                 return "Dependency graph images are not accessible.\nAssuming that you have not modified the file, delete $webdotdir/.htaccess and re-run checksetup.pl to rectify.\n";
             }
-- 
cgit v1.2.1