Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments…

Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments are not deleted on Windows r=glob a=LpSolit

Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments…
10e5c4a1 · Frédéric Buclin · 5d70d16f · 10e5c4a1
Commit 10e5c4a1 authored Aug 04, 2011 by Frédéric Buclin
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

Attachment.pm Bugzilla/Attachment.pm +4 -1

No files found.
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -795,7 +795,10 @@ sub create {
    # If we have a filehandle, we need its content to store it in the DB.
    elsif (ref $data) {
        local $/;
-        $data = <$data>;
+        # Store the content in a temp variable while we close the FH.
+        my $tmp = <$data>;
+        close $data;
+        $data = $tmp;
    }

    my $sth = $dbh->prepare("INSERT INTO attach_data