authorDylan William Hardison <dylan@hardison.net>2016-10-11 16:26:32 +0200
committerDylan William Hardison <dylan@hardison.net>2016-10-11 16:26:32 +0200
commit7fd0299555cbc2ab398f1387afd9935cb8eb17ae (patch)
tree07b416b3df81bda68e712d79b4b040e9a5e2ae44 /Bugzilla
parent9f4d372fd34f67baa925787c74a625427a7315d7 (diff)
Bug 1309229 - changing product results in Insecure dependency in parameter 3 of DBI::db=HASH(0x7f4caad58190)->selectcol_arrayref method call while running with -T switch at /data/www/bugzilla.mozilla.org/Bugzilla/Product.pm line 555.
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Memcached.pm47
1 files changed, 46 insertions, 1 deletions
diff --git a/Bugzilla/Memcached.pm b/Bugzilla/Memcached.pm
index cdadf4601..f73623720 100644
--- a/Bugzilla/Memcached.pm
+++ b/Bugzilla/Memcached.pm
@@ -12,6 +12,7 @@ use strict;
use warnings;
use Bugzilla::Error;
+use Bugzilla::Util qw(trick_taint);
use Scalar::Util qw(blessed);
use URI::Escape;
use Encode;
@@ -246,7 +247,51 @@ sub _get {
$key = $self->_encode_key($key)
or return;
- return $self->{memcached}->get($key);
+ my $value = $self->{memcached}->get($key);
+ return unless defined $value;
+
+ # detaint returned values
+ # hashes and arrays are detainted just one level deep
+ if (ref($value) eq 'HASH') {
+ _detaint_hashref($value);
+ }
+ elsif (ref($value) eq 'ARRAY') {
+ foreach my $value (@$value) {
+ next unless defined $value;
+ # arrays of hashes and arrays are common
+ if (ref($value) eq 'HASH') {
+ _detaint_hashref($value);
+ }
+ elsif (ref($value) eq 'ARRAY') {
+ _detaint_arrayref($value);
+ }
+ elsif (!ref($value)) {
+ trick_taint($value);
+ }
+ }
+ }
+ elsif (!ref($value)) {
+ trick_taint($value);
+ }
+ return $value;
+}
+
+sub _detaint_hashref {
+ my ($hashref) = @_;
+ foreach my $value (values %$hashref) {
+ if (defined($value) && !ref($value)) {
+ trick_taint($value);
+ }
+ }
+}
+
+sub _detaint_arrayref {
+ my ($arrayref) = @_;
+ foreach my $value (@$arrayref) {
+ if (defined($value) && !ref($value)) {
+ trick_taint($value);
+ }
+ }
}
sub _delete {
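Review bot: The new `trick_taint($value)` calls in `_get` untaint every scalar read from memcached without validating it, so taint mode no longer flags cache contents that reach DBI calls such as the `selectcol_arrayref` named in the commit title. That is only sound if the memcached instance is writable by Bugzilla alone; I would state that assumption above the block, e.g. `# SECURITY: memcached is treated as trusted; values are untainted without validation`, and consider validating at the consumer where the expected shape of the value is known. The comment `hashes and arrays are detainted just one level deep` also does not match the array branch, which descends into nested hashes and arrays, and `foreach my $value (@$value)` shadows the outer `$value`; `foreach my $item (@$value)` would read more clearly. The start of `_get` lies outside the hunk.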