aboutsummaryrefslogtreecommitdiffstats
path: root/scripts/multipart
diff options
context:
space:
mode:
authorFumitoshi UKAI <ukai@debian.or.jp>2001-12-21 18:33:41 +0000
committerFumitoshi UKAI <ukai@debian.or.jp>2001-12-21 18:33:41 +0000
commit54702c4d832bdcb24f24852a96d5336e5adca75a (patch)
treefe085dcc00e3e163a238798a9ab10c2319a1bad7 /scripts/multipart
parenthelpdir default PREFIX/share/w3m (diff)
downloadw3m-54702c4d832bdcb24f24852a96d5336e5adca75a.tar.gz
w3m-54702c4d832bdcb24f24852a96d5336e5adca75a.zip
Security hole in multipart.cgi.in, w3mman2html.cgi.in
From: Hironori Sakamoto <h-saka@lsi.nec.co.jp>
Diffstat (limited to 'scripts/multipart')
-rw-r--r--scripts/multipart/multipart.cgi.in4
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in
index be4e6a0..fb13443 100644
--- a/scripts/multipart/multipart.cgi.in
+++ b/scripts/multipart/multipart.cgi.in
@@ -25,7 +25,7 @@ if (defined($ENV{'QUERY_STRING'})) {
$CGI = "file:///\$LIB/multipart.cgi?file=" . &html_quote($file);
}
-open(F, $file);
+open(F, "< $file");
$end = 0;
$mbody = '';
if (defined($boundary)) {
@@ -258,7 +258,7 @@ sub load_mime_type {
local($file) = @_;
local(%m, $a, @b, $_);
- open(M, $file) || return ();
+ open(M, "< $file") || return ();
while(<M>) {
/^#/ && next;
chop;