diff options
author | Fumitoshi UKAI <ukai@debian.or.jp> | 2001-12-21 18:33:41 +0000 |
---|---|---|
committer | Fumitoshi UKAI <ukai@debian.or.jp> | 2001-12-21 18:33:41 +0000 |
commit | 54702c4d832bdcb24f24852a96d5336e5adca75a (patch) | |
tree | fe085dcc00e3e163a238798a9ab10c2319a1bad7 /scripts/multipart | |
parent | helpdir default PREFIX/share/w3m (diff) | |
download | w3m-54702c4d832bdcb24f24852a96d5336e5adca75a.tar.gz w3m-54702c4d832bdcb24f24852a96d5336e5adca75a.zip |
Security hole in multipart.cgi.in, w3mman2html.cgi.in
From: Hironori Sakamoto <h-saka@lsi.nec.co.jp>
Diffstat (limited to 'scripts/multipart')
-rw-r--r-- | scripts/multipart/multipart.cgi.in | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in index be4e6a0..fb13443 100644 --- a/scripts/multipart/multipart.cgi.in +++ b/scripts/multipart/multipart.cgi.in @@ -25,7 +25,7 @@ if (defined($ENV{'QUERY_STRING'})) { $CGI = "file:///\$LIB/multipart.cgi?file=" . &html_quote($file); } -open(F, $file); +open(F, "< $file"); $end = 0; $mbody = ''; if (defined($boundary)) { @@ -258,7 +258,7 @@ sub load_mime_type { local($file) = @_; local(%m, $a, @b, $_); - open(M, $file) || return (); + open(M, "< $file") || return (); while(<M>) { /^#/ && next; chop; |