From 681641370ce8422109c811db9ee17b690ddf639c Mon Sep 17 00:00:00 2001
From: Ron Lee <ron@debian.org>
Date: Sat, 1 Dec 2001 13:51:24 +0000
Subject: [PATCH] Added wxFile::write_excl and use it from wxTempFile to
 securely open the temporary file.

git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/trunk@12801 c3d73ce0-8a6f-49c7-b76d-6d57e0e08775
---
 include/wx/file.h   |  2 +-
 src/common/file.cpp | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/include/wx/file.h b/include/wx/file.h
index 8331e9d8df..0c644bfe03 100644
--- a/include/wx/file.h
+++ b/include/wx/file.h
@@ -58,7 +58,7 @@ public:
   // more file constants
   // -------------------
     // opening mode
-  enum OpenMode { read, write, read_write, write_append };
+  enum OpenMode { read, write, read_write, write_append, write_excl };
     // standard values for file descriptor
   enum { fd_invalid = -1, fd_stdin, fd_stdout, fd_stderr };
 
diff --git a/src/common/file.cpp b/src/common/file.cpp
index 0973ec9c38..6f29068b42 100644
--- a/src/common/file.cpp
+++ b/src/common/file.cpp
@@ -231,6 +231,10 @@ bool wxFile::Open(const wxChar *szFileName, OpenMode mode, int accessMode)
             flags |= O_WRONLY | O_CREAT | O_TRUNC;
             break;
 
+        case write_excl:
+            flags |= O_WRONLY | O_CREAT | O_EXCL;
+            break;
+
         case read_write:
             flags |= O_RDWR;
             break;
@@ -518,12 +522,20 @@ bool wxTempFile::Open(const wxString& strName)
     else
     {
         // file probably didn't exist, just create with default mode _using_
-        // user's umask (new files creation should respet umask)
+        // user's umask (new files creation should respect umask)
         changedUmask = FALSE;
     }
 #endif // Unix
 
-    bool ok = m_file.Open(m_strTemp, wxFile::write, access);
+    // Open this file securely, since it surely should not exist unless
+    // nefarious activities (or other random bad things) are at play.
+
+    bool ok = m_file.Open(m_strTemp, wxFile::write_excl, access);
+
+    // FIXME: If !ok here should we loop and try again with another file
+    //        name?  That is the standard recourse if open(O_EXCL) fails,
+    //        though of course it should be protected against possible
+    //        infinite looping too.
 
 #ifdef __UNIX__
     if ( changedUmask )
-- 
2.45.2