summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@hardison.net>2016-10-11 23:17:01 +0200
committerDylan William Hardison <dylan@hardison.net>2016-10-11 23:17:01 +0200
commitd9ba51c35e379110795c08ee6f7dee3acfec1a59 (patch)
tree16e9693e612da88e5ea047bf0ba11fed47ddb41c
parentd328d4097f2e4f1bbbffaf913880ef11fe8b16a2 (diff)
downloadbugzilla-d9ba51c35e379110795c08ee6f7dee3acfec1a59.tar.gz
bugzilla-d9ba51c35e379110795c08ee6f7dee3acfec1a59.tar.xz
Bug 1309278 - Cache::Memcached::Fast returns tainted data if the key is tainted
r=dkl
-rw-r--r--Bugzilla/Memcached.pm2
1 files changed, 2 insertions, 0 deletions
diff --git a/Bugzilla/Memcached.pm b/Bugzilla/Memcached.pm
index 139824679..ed32fa27b 100644
--- a/Bugzilla/Memcached.pm
+++ b/Bugzilla/Memcached.pm
@@ -13,6 +13,7 @@ use warnings;
use Bugzilla::Error;
use Scalar::Util qw(blessed);
+use Bugzilla::Util qw(trick_taint);
use URI::Escape;
# memcached keys have a maximum length of 250 bytes
@@ -219,6 +220,7 @@ sub _config_prefix {
sub _encode_key {
my ($self, $key) = @_;
$key = $self->_global_prefix . '.' . uri_escape_utf8($key);
+ trick_taint($key) if defined $key;
return length($self->{namespace} . $key) > MAX_KEY_LENGTH
? undef
: $key;