summaryrefslogtreecommitdiffstats
path: root/Bugzilla/WebService/Server/XMLRPC.pm
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla/WebService/Server/XMLRPC.pm')
-rw-r--r--Bugzilla/WebService/Server/XMLRPC.pm29
1 files changed, 29 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index c85614f7a..b2a50712a 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -68,6 +68,18 @@ eval { require XMLRPC::Lite; };
our @ISA = qw(XMLRPC::Deserializer);
use Bugzilla::Error;
+use Scalar::Util qw(tainted);
+
+sub deserialize {
+ my $self = shift;
+ my ($xml) = @_;
+ my $som = $self->SUPER::deserialize(@_);
+ if (tainted($xml)) {
+ $som->{_bz_do_taint} = 1;
+ }
+ bless $som, 'Bugzilla::XMLRPC::SOM';
+ return $som;
+}
# Some method arguments need to be converted in some way, when they are input.
sub decode_value {
@@ -126,6 +138,23 @@ sub _validation_subs {
1;
+package Bugzilla::XMLRPC::SOM;
+use strict;
+eval { require XMLRPC::Lite; };
+our @ISA = qw(XMLRPC::SOM);
+use Bugzilla::WebService::Util qw(taint_data);
+
+sub paramsin {
+ my $self = shift;
+ my $params = $self->SUPER::paramsin(@_);
+ if ($self->{_bz_do_taint}) {
+ taint_data($params);
+ }
+ return $params;
+}
+
+1;
+
# This package exists to fix a UTF-8 bug in SOAP::Lite.
# See http://rt.cpan.org/Public/Bug/Display.html?id=32952.
package Bugzilla::XMLRPC::Serializer;
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-04-30 14:23:46 +0200