diff options
| author | Dylan William Hardison <dylan@hardison.net> | 2017-04-13 22:19:44 +0200 |
|---|---|---|
| committer | Dylan William Hardison <dylan@hardison.net> | 2017-04-18 15:52:34 +0200 |
| commit | cfded4d89f7059a92239b0eb9daa452d9019e9fd (patch) | |
| tree | dfb83a0af898c68d0a12b5c393214e591a6b48ca /Bugzilla | |
| parent | a05a88ce677419342d0159d73c159558899b277d (diff) | |
| download | bugzilla-cfded4d89f7059a92239b0eb9daa452d9019e9fd.tar.gz bugzilla-cfded4d89f7059a92239b0eb9daa452d9019e9fd.tar.xz | |
Bug 1355142 - Implement trick_taint in terms of Taint::Util::untaint()
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Util.pm | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 4371441a0..ca8187c5f 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -43,13 +43,12 @@ use Text::Wrap; use Encode qw(encode decode resolve_alias); use Encode::Guess; use POSIX qw(floor ceil); +use Taint::Util qw(untaint); sub trick_taint { - require Carp; - Carp::confess("Undef to trick_taint") unless defined $_[0]; - my $match = $_[0] =~ /^(.*)$/s; - $_[0] = $match ? $1 : undef; - return (defined($_[0])); + untaint($_[0]); + + return defined $_[0]; } sub detaint_natural { @@ -376,7 +375,7 @@ sub is_ipv6 { my $ipv6 = join(':', @chunks); # The IP address is valid and can now be detainted. - trick_taint($ipv6); + untaint($ipv6); # Need to handle the exception of trailing :: being valid. return "${ipv6}::" if $ip =~ /::$/; @@ -655,7 +654,7 @@ sub bz_crypt { # HACK: Perl has bug where returned crypted password is considered # tainted. See http://rt.perl.org/rt3/Public/Bug/Display.html?id=59998 unless(tainted($password) || tainted($salt)) { - trick_taint($crypted_password); + untaint($crypted_password); } } else { @@ -697,7 +696,7 @@ sub validate_email_syntax { && length($email) <= 127) { # We assume these checks to suffice to consider the address untainted. - trick_taint($_[0]); + untaint($_[0]); return 1; } return 0; |