Security hole in multipart.cgi.in, w3mman2html.cgi.in

From: Hironori Sakamoto <h-saka@lsi.nec.co.jp>
author: Fumitoshi UKAI <ukai@debian.or.jp> 2001-12-21 18:33:41 +0000
committer: Fumitoshi UKAI <ukai@debian.or.jp> 2001-12-21 18:33:41 +0000
commit: 54702c4d832bdcb24f24852a96d5336e5adca75a (patch)
tree: fe085dcc00e3e163a238798a9ab10c2319a1bad7 /scripts/multipart/multipart.cgi.in
parent: helpdir default PREFIX/share/w3m (diff)
download: w3m-54702c4d832bdcb24f24852a96d5336e5adca75a.tar.gz
w3m-54702c4d832bdcb24f24852a96d5336e5adca75a.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in
index be4e6a0..fb13443 100644
--- a/scripts/multipart/multipart.cgi.in
+++ b/scripts/multipart/multipart.cgi.in
@@ -25,7 +25,7 @@ if (defined($ENV{'QUERY_STRING'})) {
 	$CGI = "file:///\$LIB/multipart.cgi?file=" . &html_quote($file);
 }
 
-open(F, $file);
+open(F, "< $file");
 $end = 0;
 $mbody = '';
 if (defined($boundary)) {
@@ -258,7 +258,7 @@ sub load_mime_type {
 	local($file) = @_;
 	local(%m, $a, @b, $_);
 
-	open(M, $file) || return ();
+	open(M, "< $file") || return ();
 	while(<M>) {
 		/^#/ && next;
 		chop;
author	Fumitoshi UKAI <ukai@debian.or.jp>	2001-12-21 18:33:41 +0000
committer	Fumitoshi UKAI <ukai@debian.or.jp>	2001-12-21 18:33:41 +0000
commit	54702c4d832bdcb24f24852a96d5336e5adca75a (patch)
tree	fe085dcc00e3e163a238798a9ab10c2319a1bad7 /scripts/multipart/multipart.cgi.in
parent	helpdir default PREFIX/share/w3m (diff)
download	w3m-54702c4d832bdcb24f24852a96d5336e5adca75a.tar.gz w3m-54702c4d832bdcb24f24852a96d5336e5adca75a.zip