author | Gervase Markham <gerv@mozilla.org> | 2015-01-21 20:06:08 +0000 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-01-21 20:06:08 +0000 |
commit | 19117cc3e4da268d64107957e4c206d8df875505 (patch) | |
tree | 81546dbda0b66c7463407c3854ee98689326dc15 /showdependencygraph.cgi | |
parent | Bug 1121806: show_bug does not display in IE9 (diff) | |
Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dkl,a=glob
Diffstat (limited to 'showdependencygraph.cgi')
-rwxr-xr-x | showdependencygraph.cgi | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index 02c8fd94f..e3e54c4d8 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -49,7 +49,7 @@ sub CreateImagemap {
 my $map = "<map name=\"imagemap\">\n";
 my $default = "";
- open MAP, "<$mapfilename";
+ open MAP, "<", $mapfilename;
 while(my $line = <MAP>) {
 if($line =~ /^default ([^ ]*)(.*)$/) {
 $default = qq{<area alt="" shape="default" href="$1">\n};
@@ -258,7 +258,7 @@ if ($webdotbase =~ /^https?:/) {
 error => $! });
 binmode $pngfh;
- open(DOT, "\"$webdotbase\" -Tpng $filename|");
+ open(DOT, '-|', "\"$webdotbase\" -Tpng $filename");
 binmode DOT;
 print $pngfh $_ while <DOT>;
 close DOT;
@@ -287,7 +287,7 @@ if ($webdotbase =~ /^https?:/) {
 error => $! });
 binmode $mapfh;
- open(DOT, "\"$webdotbase\" -Tismap $filename|");
+ open(DOT, '-|', "\"$webdotbase\" -Tismap $filename");
 binmode DOT;
 print $mapfh $_ while <DOT>;
 close DOT; |
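Review bot: The return value of the rewritten `open MAP, "<", $mapfilename;` in CreateImagemap (first hunk) is still ignored, so a missing or unreadable map file leaves the `while` loop reading from an unopened handle and the function carries on as if the map were empty. Checking the call and using a lexical handle would surface the failure: `open(my $map_fh, '<', $mapfilename) or die "Cannot open $mapfilename: $!";`, with the loop reading `<$map_fh>`. The function body starts and ends outside the hunk, so any later use of `MAP` that needs the same rename is not visible here.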
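Review bot: The new `open(DOT, '-|', "\"$webdotbase\" -Tpng $filename");` in the second hunk still passes a single command string, and Perl hands such a string to the shell whenever it contains shell metacharacters, which the embedded double quotes guarantee here; `$webdotbase` and `$filename` are therefore still parsed by the shell. The list form keeps each value as a separate argument and involves no shell: `open(DOT, '-|', $webdotbase, '-Tpng', $filename) or die "Cannot run $webdotbase: $!";`, which also checks the result that is currently ignored. The same applies to the `-Tismap` call in the third hunk (`@@ -287,7 +287,7 @@`). Where the two values come from is not visible in these hunks, and the enclosing `if` block starts and ends outside them, so how far either value can be influenced is unverified. List-form pipe opens are not available on Windows with older Perl releases, so the minimum supported Perl should be confirmed before switching.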