[vdr] security patch for vdradmin-0.97-am1

C.Y.M syphir at syphir.sytes.net
Mon Mar 21 11:01:55 CET 2005


I noticed the following patch was missing from vdradmin-0.97-am1.

Regards,
-------------- next part --------------
--- vdradmin/vdradmind.pl.orig	2005-03-21 01:05:27.000000000 -0800
+++ vdradmin/vdradmind.pl	2005-03-21 01:08:07.000000000 -0800
@@ -32,6 +32,8 @@
 	unshift(@INC, $BASENAME . "lib/");
 }
 
+require File::Temp;
+
 use CGI qw(:no_debug);
 use IO::Socket;
 use HTML::Template::Expr();
@@ -39,6 +41,7 @@
 use Time::Local qw(timelocal);
 use POSIX ":sys_wait_h", qw(strftime mktime);
 use MIME::Base64();
+use File::Temp();
 
 $SIG{CHLD} = sub { wait };
 
@@ -704,7 +707,7 @@
 
 sub GZip {
 	my $content = shift;
-  my $filename = "/tmp/vdradmin." . time();
+  my $filename = new File::Temp("vdradmin-XXXXX", UNLINK => 1);
   open(PIPE, "| gzip -9 - > $filename") || die "cant open pipe to gzip ($!)";
   print PIPE $$content;
   close(PIPE);
@@ -3739,7 +3742,7 @@
 #############################################################################
 sub grab_picture {
 	my $size = $q->param("size");
-	my $file = "/tmp/vdr.jpg";
+	my $file = new File::Temp("vdr-XXXXX", UNLINK => 1, SUFFIX => ".jpg");
 	my $maxwidth = 768;
 	my $maxheight = 576;
 	my($width, $height);


More information about the vdr mailing list