diff options
author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-07-23 00:11:34 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-07-23 00:11:34 +0000 |
commit | 97a848151bbebd179b2373f04a1f5b288fe57963 (patch) | |
tree | 90e61147ff5b891f79184aae582e274f47ee02d2 /lib | |
parent | 9b97c2435c1d6fdbcdfab104cb1ac3359d40dff2 (diff) | |
download | ruby-97a848151bbebd179b2373f04a1f5b288fe57963.tar.gz ruby-97a848151bbebd179b2373f04a1f5b288fe57963.tar.xz ruby-97a848151bbebd179b2373f04a1f5b288fe57963.zip |
* lib/cgi/session.rb (CGI::Session::FileStore#update): sets the
permission of the session data file to 0600.
* lib/cgi/session/pstore.rb (CGI::Session::Pstore#initialize):
ditto.
git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@6687 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r-- | lib/cgi/session.rb | 2 | ||||
-rw-r--r-- | lib/cgi/session/pstore.rb | 3 |
2 files changed, 4 insertions, 1 deletions
diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb index a44de7cb8..0bc10d013 100644 --- a/lib/cgi/session.rb +++ b/lib/cgi/session.rb @@ -395,7 +395,7 @@ class CGI def update return unless @hash begin - f = File.open(@path, 'w') + f = File.open(@path, File::CREAT|File::TRUNC|File::RDWR, 0600) f.flock File::LOCK_EX for k,v in @hash f.printf "%s=%s\n", CGI::escape(k), CGI::escape(String(v)) diff --git a/lib/cgi/session/pstore.rb b/lib/cgi/session/pstore.rb index 8f4beb978..f46dd5739 100644 --- a/lib/cgi/session/pstore.rb +++ b/lib/cgi/session/pstore.rb @@ -70,6 +70,9 @@ class CGI @hash = {} end @p = ::PStore.new(path) + @p.transaction do |p| + File.chmod(0600, p.path) + end end # Restore session state from the session's PStore file. |