From ca14017bb65ee6316bfd400ac3efd6abe3ab70ed Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 23 Jul 2004 07:52:38 +0000
Subject: * gc.c (define_final): should not disclose NODE* to Ruby world.  
 [ruby-dev:23957]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6691 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/cgi/session.rb        | 2 +-
 lib/cgi/session/pstore.rb | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

(limited to 'lib/cgi')

diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index a44de7cb81..0bc10d013f 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -395,7 +395,7 @@ class CGI
       def update
 	return unless @hash
         begin
-	  f = File.open(@path, 'w')
+	  f = File.open(@path, File::CREAT|File::TRUNC|File::RDWR, 0600)
 	  f.flock File::LOCK_EX
    	  for k,v in @hash
 	    f.printf "%s=%s\n", CGI::escape(k), CGI::escape(String(v))
diff --git a/lib/cgi/session/pstore.rb b/lib/cgi/session/pstore.rb
index 8f4beb978a..f46dd57392 100644
--- a/lib/cgi/session/pstore.rb
+++ b/lib/cgi/session/pstore.rb
@@ -70,6 +70,9 @@ class CGI
 	  @hash = {}
 	end
 	@p = ::PStore.new(path)
+	@p.transaction do |p|
+	  File.chmod(0600, p.path)
+	end
       end
 
       # Restore session state from the session's PStore file.
-- 
cgit v1.2.3