summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authormatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2004-07-23 00:11:34 +0000
committermatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2004-07-23 00:11:34 +0000
commit97a848151bbebd179b2373f04a1f5b288fe57963 (patch)
tree90e61147ff5b891f79184aae582e274f47ee02d2 /lib
parent9b97c2435c1d6fdbcdfab104cb1ac3359d40dff2 (diff)
downloadruby-97a848151bbebd179b2373f04a1f5b288fe57963.tar.gz
ruby-97a848151bbebd179b2373f04a1f5b288fe57963.tar.xz
ruby-97a848151bbebd179b2373f04a1f5b288fe57963.zip
* lib/cgi/session.rb (CGI::Session::FileStore#update): sets the
permission of the session data file to 0600. * lib/cgi/session/pstore.rb (CGI::Session::Pstore#initialize): ditto. git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@6687 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r--lib/cgi/session.rb2
-rw-r--r--lib/cgi/session/pstore.rb3
2 files changed, 4 insertions, 1 deletions
diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index a44de7cb8..0bc10d013 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -395,7 +395,7 @@ class CGI
def update
return unless @hash
begin
- f = File.open(@path, 'w')
+ f = File.open(@path, File::CREAT|File::TRUNC|File::RDWR, 0600)
f.flock File::LOCK_EX
for k,v in @hash
f.printf "%s=%s\n", CGI::escape(k), CGI::escape(String(v))
diff --git a/lib/cgi/session/pstore.rb b/lib/cgi/session/pstore.rb
index 8f4beb978..f46dd5739 100644
--- a/lib/cgi/session/pstore.rb
+++ b/lib/cgi/session/pstore.rb
@@ -70,6 +70,9 @@ class CGI
@hash = {}
end
@p = ::PStore.new(path)
+ @p.transaction do |p|
+ File.chmod(0600, p.path)
+ end
end
# Restore session state from the session's PStore file.