From f5b9cba3b42b6823288889a42078cf6f70aa4840 Mon Sep 17 00:00:00 2001 From: Gervase Markham Date: Wed, 21 Jan 2015 20:22:21 +0000 Subject: Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection r=dylan,a=simon --- search_plugin.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'search_plugin.cgi') diff --git a/search_plugin.cgi b/search_plugin.cgi index 3809159c7..ca515bfae 100755 --- a/search_plugin.cgi +++ b/search_plugin.cgi @@ -24,7 +24,7 @@ print $cgi->header('application/xml'); # Get the contents of favicon.ico my $filename = bz_locations()->{'libpath'} . "/images/favicon.ico"; -if (open(IN, $filename)) { +if (open(IN, '<', $filename)) { local $/; binmode IN; $vars->{'favicon'} = ; -- cgit v1.2.3-65-gdbad