diff options
author | Gervase Markham <gerv@mozilla.org> | 2015-01-21 20:06:08 +0000 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-01-21 20:06:08 +0000 |
commit | 19117cc3e4da268d64107957e4c206d8df875505 (patch) | |
tree | 81546dbda0b66c7463407c3854ee98689326dc15 /testserver.pl | |
parent | Bug 1121806: show_bug does not display in IE9 (diff) | |
download | bugzilla-19117cc3e4da268d64107957e4c206d8df875505.tar.gz bugzilla-19117cc3e4da268d64107957e4c206d8df875505.tar.bz2 bugzilla-19117cc3e4da268d64107957e4c206d8df875505.zip |
Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dkl,a=glob
Diffstat (limited to 'testserver.pl')
-rwxr-xr-x | testserver.pl | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/testserver.pl b/testserver.pl index 2ab48f375..d827c80ea 100755 --- a/testserver.pl +++ b/testserver.pl @@ -40,7 +40,7 @@ my @pscmds = ('ps -eo comm,gid', 'ps -acxo command,gid', 'ps -acxo command,rgid' my $sgid = 0; if (!ON_WINDOWS) { foreach my $pscmd (@pscmds) { - open PH, "$pscmd 2>/dev/null |"; + open PH, '-|', "$pscmd 2>/dev/null"; while (my $line = <PH>) { if ($line =~ /^(?:\S*\/)?(?:httpd|apache?)2?\s+(\d+)$/) { $sgid = $1 if $1 > $sgid; @@ -267,7 +267,7 @@ sub check_image { sub create_file { my ($filename, $content) = @_; - open(FH, ">$filename") + open(FH, ">", $filename) or die "Failed to create $filename: $!\n"; binmode FH; print FH $content; @@ -276,7 +276,7 @@ sub create_file { sub read_file { my ($filename) = @_; - open(FH, $filename) + open(FH, '<', $filename) or die "Failed to open $filename: $!\n"; binmode FH; my $content = <FH>; |