From 19117cc3e4da268d64107957e4c206d8df875505 Mon Sep 17 00:00:00 2001
From: Gervase Markham <gerv@mozilla.org>
Date: Wed, 21 Jan 2015 20:06:08 +0000
Subject: Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to
 prevent shell code injection r=dkl,a=glob

---
 search_plugin.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'search_plugin.cgi')

diff --git a/search_plugin.cgi b/search_plugin.cgi
index 7de8bed5f..0b628f32e 100755
--- a/search_plugin.cgi
+++ b/search_plugin.cgi
@@ -27,7 +27,7 @@ print $cgi->header('application/xml');
 
 # Get the contents of favicon.ico
 my $filename = bz_locations()->{'libpath'} . "/images/favicon.ico";
-if (open(IN, $filename)) {
+if (open(IN, '<', $filename)) {
     local $/;
     binmode IN;
     $vars->{'favicon'} = <IN>;
-- 
cgit v1.2.1