summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/Util.pm15
-rwxr-xr-xMakefile.PL1
2 files changed, 8 insertions, 8 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 4371441a0..ca8187c5f 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -43,13 +43,12 @@ use Text::Wrap;
use Encode qw(encode decode resolve_alias);
use Encode::Guess;
use POSIX qw(floor ceil);
+use Taint::Util qw(untaint);
sub trick_taint {
- require Carp;
- Carp::confess("Undef to trick_taint") unless defined $_[0];
- my $match = $_[0] =~ /^(.*)$/s;
- $_[0] = $match ? $1 : undef;
- return (defined($_[0]));
+ untaint($_[0]);
+
+ return defined $_[0];
}
sub detaint_natural {
@@ -376,7 +375,7 @@ sub is_ipv6 {
my $ipv6 = join(':', @chunks);
# The IP address is valid and can now be detainted.
- trick_taint($ipv6);
+ untaint($ipv6);
# Need to handle the exception of trailing :: being valid.
return "${ipv6}::" if $ip =~ /::$/;
@@ -655,7 +654,7 @@ sub bz_crypt {
# HACK: Perl has bug where returned crypted password is considered
# tainted. See http://rt.perl.org/rt3/Public/Bug/Display.html?id=59998
unless(tainted($password) || tainted($salt)) {
- trick_taint($crypted_password);
+ untaint($crypted_password);
}
}
else {
@@ -697,7 +696,7 @@ sub validate_email_syntax {
&& length($email) <= 127)
{
# We assume these checks to suffice to consider the address untainted.
- trick_taint($_[0]);
+ untaint($_[0]);
return 1;
}
return 0;
diff --git a/Makefile.PL b/Makefile.PL
index 4499aec1d..d3ee9ae89 100755
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -61,6 +61,7 @@ my %requires = (
'Throwable' => 0,
'URI' => '1.55',
'version' => '0.87',
+ 'Taint::Util' => 0,
);
my %build_requires = (
'ExtUtils::MakeMaker' => '6.57_07',