deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Security: ensure that the file system cache is not world-writable

Browse source
This commit is contained in:
Jacques Distler 2007-03-10 11:05:52 -06:00
parent 4ae46b32d8
commit 46a456b3ad
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
vendor/rails/actionpack/lib/action_controller/caching.rb vendored
View file

@ -472,6 +472,7 @@ module ActionController #:nodoc:
end end
def write(name, value, options = nil) #:nodoc: def write(name, value, options = nil) #:nodoc:
File.umask(0006)
ensure_cache_path(File.dirname(real_file_path(name))) ensure_cache_path(File.dirname(real_file_path(name)))
File.open(real_file_path(name), "wb+") { |f| f.write(value) } File.open(real_file_path(name), "wb+") { |f| f.write(value) }
rescue => e rescue => e