security patch for vdradmin-0.97-am1

Message ID 423E9B93.2080808@syphir.sytes.net
State New
Headers

Commit Message

C.Y.M March 21, 2005, 10:01 a.m. UTC
  I noticed the following patch was missing from vdradmin-0.97-am1.

Regards,
  

Comments

Andreas Mair March 21, 2005, 10:18 a.m. UTC | #1
Hi,

thanks for the patch, I've already included it in the release I will put out 
today.

Regards,
Andreas

On Monday 21 March 2005 11:01, C.Y.M wrote:
> I noticed the following patch was missing from vdradmin-0.97-am1.
>
> Regards,
  
C.Y.M March 21, 2005, 10:41 a.m. UTC | #2
Andreas Mair wrote:
> Hi,
> 
> thanks for the patch, I've already included it in the release I will put out 
> today.
> 
> Regards,
> Andreas
> 
> On Monday 21 March 2005 11:01, C.Y.M wrote:
> 
>>I noticed the following patch was missing from vdradmin-0.97-am1.
>>

No problem..

I know this is unrelated to the security patch, but I also noticed that if I
change the start page in the configuration options from the default "Channels"
to "What's On", then it fails to display upon login.

Best Regards,
  

Patch

--- vdradmin/vdradmind.pl.orig	2005-03-21 01:05:27.000000000 -0800
+++ vdradmin/vdradmind.pl	2005-03-21 01:08:07.000000000 -0800
@@ -32,6 +32,8 @@ 
 	unshift(@INC, $BASENAME . "lib/");
 }
 
+require File::Temp;
+
 use CGI qw(:no_debug);
 use IO::Socket;
 use HTML::Template::Expr();
@@ -39,6 +41,7 @@ 
 use Time::Local qw(timelocal);
 use POSIX ":sys_wait_h", qw(strftime mktime);
 use MIME::Base64();
+use File::Temp();
 
 $SIG{CHLD} = sub { wait };
 
@@ -704,7 +707,7 @@ 
 
 sub GZip {
 	my $content = shift;
-  my $filename = "/tmp/vdradmin." . time();
+  my $filename = new File::Temp("vdradmin-XXXXX", UNLINK => 1);
   open(PIPE, "| gzip -9 - > $filename") || die "cant open pipe to gzip ($!)";
   print PIPE $$content;
   close(PIPE);
@@ -3739,7 +3742,7 @@ 
 #############################################################################
 sub grab_picture {
 	my $size = $q->param("size");
-	my $file = "/tmp/vdr.jpg";
+	my $file = new File::Temp("vdr-XXXXX", UNLINK => 1, SUFFIX => ".jpg");
 	my $maxwidth = 768;
 	my $maxheight = 576;
 	my($width, $height);