From 19117cc3e4da268d64107957e4c206d8df875505 Mon Sep 17 00:00:00 2001
From: Gervase Markham <gerv@mozilla.org>
Date: Wed, 21 Jan 2015 20:06:08 +0000
Subject: Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to
 prevent shell code injection r=dkl,a=glob

---
 showdependencygraph.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'showdependencygraph.cgi')

diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 02c8fd94f..e3e54c4d8 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -49,7 +49,7 @@ sub CreateImagemap {
     my $map = "<map name=\"imagemap\">\n";
     my $default = "";
 
-    open MAP, "<$mapfilename";
+    open MAP, "<", $mapfilename;
     while(my $line = <MAP>) {
         if($line =~ /^default ([^ ]*)(.*)$/) {
             $default = qq{<area alt="" shape="default" href="$1">\n};
@@ -258,7 +258,7 @@ if ($webdotbase =~ /^https?:/) {
                                                  error => $! });
 
     binmode $pngfh;
-    open(DOT, "\"$webdotbase\" -Tpng $filename|");
+    open(DOT, '-|', "\"$webdotbase\" -Tpng $filename");
     binmode DOT;
     print $pngfh $_ while <DOT>;
     close DOT;
@@ -287,7 +287,7 @@ if ($webdotbase =~ /^https?:/) {
                                                  error => $! });
 
     binmode $mapfh;
-    open(DOT, "\"$webdotbase\" -Tismap $filename|");
+    open(DOT, '-|', "\"$webdotbase\" -Tismap $filename");
     binmode DOT;
     print $mapfh $_ while <DOT>;
     close DOT;
-- 
cgit v1.2.1