From 812ad9b3515aff6d9d870c2a11845b7416e40288 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sat, 24 Jan 2009 14:12:05 +0000
Subject: Bug 471613: Replace Bugzilla::Util::is_tainted() by
 Scalar::Util::tainted() - Patch by Nitish Bezzala <nbezzala@yahoo.com>
 r/a=LpSolit

---
 Bugzilla/Install/Util.pm |  7 ++-----
 Bugzilla/Util.pm         | 17 +----------------
 2 files changed, 3 insertions(+), 21 deletions(-)

diff --git a/Bugzilla/Install/Util.pm b/Bugzilla/Install/Util.pm
index 9cec8c435..250ab9157 100644
--- a/Bugzilla/Install/Util.pm
+++ b/Bugzilla/Install/Util.pm
@@ -31,6 +31,7 @@ use Bugzilla::Constants;
 use File::Basename;
 use POSIX qw(setlocale LC_CTYPE);
 use Safe;
+use Scalar::Util qw(tainted);
 
 use base qw(Exporter);
 our @EXPORT_OK = qw(
@@ -109,7 +110,7 @@ sub install_string {
     foreach my $key (@replace_keys) {
         my $replacement = $vars->{$key};
         die "'$key' in '$string_id' is tainted: '$replacement'"
-            if is_tainted($replacement);
+            if tainted($replacement);
         # We don't want people to start getting clever and inserting
         # ##variable## into their values. So we check if any other
         # key is listed in the *replacement* string, before doing
@@ -354,10 +355,6 @@ sub trick_taint {
     return (defined($_[0]));
 }
 
-sub is_tainted {
-    return not eval { my $foo = join('',@_), kill 0; 1; };
-}
-
 __END__
 
 =head1 NAME
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 8666b18ff..991bfedc1 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -31,7 +31,7 @@ package Bugzilla::Util;
 use strict;
 
 use base qw(Exporter);
-@Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural
+@Bugzilla::Util::EXPORT = qw(trick_taint detaint_natural
                              detaint_signed
                              html_quote url_quote xml_quote
                              css_class_quote html_light_quote url_decode
@@ -56,16 +56,6 @@ use Digest;
 use Scalar::Util qw(tainted);
 use Text::Wrap;
 
-# This is from the perlsec page, slightly modified to remove a warning
-# From that page:
-#      This function makes use of the fact that the presence of
-#      tainted data anywhere within an expression renders the
-#      entire expression tainted.
-# Don't ask me how it works...
-sub is_tainted {
-    return not eval { my $foo = join('',@_), kill 0; 1; };
-}
-
 sub trick_taint {
     require Carp;
     Carp::confess("Undef to trick_taint") unless defined $_[0];
@@ -640,7 +630,6 @@ Bugzilla::Util - Generic utility functions for bugzilla
   use Bugzilla::Util;
 
   # Functions for dealing with variable tainting
-  $rv = is_tainted($var);
   trick_taint($var);
   detaint_natural($var);
   detaint_signed($var);
@@ -704,10 +693,6 @@ with care> to avoid security holes.
 
 =over 4
 
-=item C<is_tainted>
-
-Determines whether a particular variable is tainted
-
 =item C<trick_taint($val)>
 
 Tricks perl into untainting a particular variable.
-- 
cgit v1.2.3-24-g4f1b