Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/search_plugin.cgi
diff options
context:
space:
mode:
authorGervase Markham <gerv@mozilla.org>2015-01-21 20:22:21 +0000
committerDavid Lawrence <dkl@mozilla.com>2015-01-21 20:22:21 +0000
commitf5b9cba3b42b6823288889a42078cf6f70aa4840 (patch)
tree55733e1ca38714f1124771f0460b3423a936ac2b /search_plugin.cgi
parentFix an obsolete ID (diff)
downloadbugzilla-f5b9cba3b42b6823288889a42078cf6f70aa4840.tar.gz
bugzilla-f5b9cba3b42b6823288889a42078cf6f70aa4840.tar.bz2
bugzilla-f5b9cba3b42b6823288889a42078cf6f70aa4840.zip
Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dylan,a=simon
Diffstat (limited to 'search_plugin.cgi')
-rwxr-xr-xsearch_plugin.cgi2
1 files changed, 1 insertions, 1 deletions
diff --git a/search_plugin.cgi b/search_plugin.cgi
index 3809159c7..ca515bfae 100755
--- a/search_plugin.cgi
+++ b/search_plugin.cgi
@@ -24,7 +24,7 @@ print $cgi->header('application/xml');
# Get the contents of favicon.ico
my $filename = bz_locations()->{'libpath'} . "/images/favicon.ico";
-if (open(IN, $filename)) {
+if (open(IN, '<', $filename)) {
local $/;
binmode IN;
$vars->{'favicon'} = <IN>;