udmsearch-3.0.18/frontends/perl/mysql-perl/search.pl contains the code:

open FILE,">/tmp/tmp.arg";
print FILE "words: $words \n";
close(FILE);

This code is uncommented and the file does not seem to be ever used
again, from search.pl or elsewhere.  This appears to be a debugging
hook.  It is dangerous to write to a predictably-named file in a
publicly accessible directory; I think this code should be removed.

(Even if it were safe, the code could still fail when more than one
instance of search.pl were running simultaneously.)
-- 
Shields, AboveNet/MFN.
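
Added example, not part of the original message and not udmsearch code: if a debugging hook like the one quoted above has to stay, this is one way to write it without the predictable /tmp name. The SEARCH_DEBUG_DIR environment variable and the debug_dump_words helper are hypothetical names chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical setting (not part of udmsearch): debugging stays off
# unless the operator names a directory, ideally one that only the CGI
# user can write to rather than the shared /tmp.
my $DEBUG_DIR = $ENV{SEARCH_DEBUG_DIR};

# Write one debug record and return its path, or undef if debugging is
# disabled or the write failed.
sub debug_dump_words {
    my ($words) = @_;
    return unless defined $DEBUG_DIR && -d $DEBUG_DIR;

    # tempfile() picks an unpredictable name and creates the file with
    # O_CREAT|O_EXCL and mode 0600. A file or symlink planted at that
    # path by another local user makes the open fail instead of being
    # followed, and every search.pl instance gets its own file, so
    # concurrent runs do not overwrite each other.
    my ($fh, $path) = eval {
        tempfile('search-arg-XXXXXXXX', DIR => $DEBUG_DIR, SUFFIX => '.log');
    };
    unless ($fh) {
        warn "debug file not created in $DEBUG_DIR: $@";
        return;
    }

    # A failed debug write must not take the search down with it.
    unless (print {$fh} "words: $words \n") {
        warn "write $path: $!";
        close($fh);
        return;
    }
    close($fh) or warn "close $path: $!";
    return $path;
}

# Constructed sample input.
my $written = debug_dump_words('constructed sample query');
print defined $written ? "debug record: $written\n" : "debugging disabled\n";
```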