Bug 1309278 - Cache::Memcached::Fast returns tainted data if the key is tainted

r=dkl
author: Dylan William Hardison <dylan@hardison.net> 2016-10-11 23:17:01 +0200
committer: Dylan William Hardison <dylan@hardison.net> 2016-10-11 23:17:01 +0200
commit: d9ba51c35e379110795c08ee6f7dee3acfec1a59 (patch)
tree: 16e9693e612da88e5ea047bf0ba11fed47ddb41c /Bugzilla
parent: d328d4097f2e4f1bbbffaf913880ef11fe8b16a2 (diff)
download: bugzilla-d9ba51c35e379110795c08ee6f7dee3acfec1a59.tar.gz
bugzilla-d9ba51c35e379110795c08ee6f7dee3acfec1a59.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/Bugzilla/Memcached.pm b/Bugzilla/Memcached.pm
index 139824679..ed32fa27b 100644
--- a/Bugzilla/Memcached.pm
+++ b/Bugzilla/Memcached.pm
@@ -13,6 +13,7 @@ use warnings;
 
 use Bugzilla::Error;
 use Scalar::Util qw(blessed);
+use Bugzilla::Util qw(trick_taint);
 use URI::Escape;
 
 # memcached keys have a maximum length of 250 bytes
@@ -219,6 +220,7 @@ sub _config_prefix {
 sub _encode_key {
     my ($self, $key) = @_;
     $key = $self->_global_prefix . '.' . uri_escape_utf8($key);
+    trick_taint($key) if defined $key;
     return length($self->{namespace} . $key) > MAX_KEY_LENGTH
         ? undef
         : $key;
author	Dylan William Hardison <dylan@hardison.net>	2016-10-11 23:17:01 +0200
committer	Dylan William Hardison <dylan@hardison.net>	2016-10-11 23:17:01 +0200
commit	d9ba51c35e379110795c08ee6f7dee3acfec1a59 (patch)
tree	16e9693e612da88e5ea047bf0ba11fed47ddb41c /Bugzilla
parent	d328d4097f2e4f1bbbffaf913880ef11fe8b16a2 (diff)
download	bugzilla-d9ba51c35e379110795c08ee6f7dee3acfec1a59.tar.gz bugzilla-d9ba51c35e379110795c08ee6f7dee3acfec1a59.tar.xz