Diffstat (limited to 'Bugzilla/WebService/Server/XMLRPC.pm')
-rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index c85614f7a..b2a50712a 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -68,6 +68,18 @@ eval { require XMLRPC::Lite; };
 our @ISA = qw(XMLRPC::Deserializer);
 use Bugzilla::Error;
+use Scalar::Util qw(tainted);
+
+sub deserialize {
+ my $self = shift;
+ my ($xml) = @_;
+ my $som = $self->SUPER::deserialize(@_);
+ if (tainted($xml)) {
+ $som->{_bz_do_taint} = 1;
+ }
+ bless $som, 'Bugzilla::XMLRPC::SOM';
+ return $som;
+}
 # Some method arguments need to be converted in some way, when they are input.
 sub decode_value {
@@ -126,6 +138,23 @@ sub _validation_subs {
 1;
+package Bugzilla::XMLRPC::SOM;
+use strict;
+eval { require XMLRPC::Lite; };
+our @ISA = qw(XMLRPC::SOM);
+use Bugzilla::WebService::Util qw(taint_data);
+
+sub paramsin {
+ my $self = shift;
+ my $params = $self->SUPER::paramsin(@_);
+ if ($self->{_bz_do_taint}) {
+ taint_data($params);
+ }
+ return $params;
+}
+
+1;
+
 # This package exists to fix a UTF-8 bug in SOAP::Lite.
 # See http://rt.cpan.org/Public/Bug/Display.html?id=32952.
 package Bugzilla::XMLRPC::Serializer; |
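Review bot: In `deserialize`, the re-taint flag is set only when `tainted($xml)` is true for the first argument, so the default is to leave the parameters untainted. Any caller that passes an already-untainted copy of the request body, or a process not running under taint mode, silently gets untainted values. Nothing in the hunk explains why taint is lost, or that `_bz_do_taint` is read later by `Bugzilla::XMLRPC::SOM::paramsin`. I would add a comment above the sub, for example `# The XML parser returns untainted values even for tainted input, so record the input's taint state and let Bugzilla::XMLRPC::SOM::paramsin re-taint the parameters.` The author should confirm the wording, since the parser behaviour is not visible here.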
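Review bot: `my $params = $self->SUPER::paramsin(@_);` in `paramsin` calls the parent in scalar context and returns a single scalar. If `XMLRPC::SOM::paramsin` is context-sensitive (as far as I recall, SOAP::Lite's SOM accessors return all matches in list context and only the first in scalar context), a request with more than one positional parameter now reaches the method with only the first. If that single-struct restriction is intended it deserves a comment; otherwise keep list context with `my @params = $self->SUPER::paramsin(@_);` and `return wantarray ? @params : $params[0];`, adapting the `taint_data` call to whatever it accepts. Re-tainting also happens only in this accessor, so values read through other SOM accessors presumably stay untainted.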