From b955c8d1282ac7c0762c7a12dd8549e13110bfb1 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Tue, 11 Oct 2016 17:18:08 -0400
Subject: Bug 1309278 - Cache::Memcached::Fast returns tainted data if the key
 is tainted

---
 Bugzilla/Memcached.pm | 49 +++----------------------------------------------
 1 file changed, 3 insertions(+), 46 deletions(-)

diff --git a/Bugzilla/Memcached.pm b/Bugzilla/Memcached.pm
index f73623720..a1b8a5ac7 100644
--- a/Bugzilla/Memcached.pm
+++ b/Bugzilla/Memcached.pm
@@ -12,8 +12,8 @@ use strict;
 use warnings;
 
 use Bugzilla::Error;
-use Bugzilla::Util qw(trick_taint);
 use Scalar::Util qw(blessed);
+use Bugzilla::Util qw(trick_taint);
 use URI::Escape;
 use Encode;
 use Sys::Syslog qw(:DEFAULT);
@@ -224,6 +224,7 @@ sub _config_prefix {
 sub _encode_key {
     my ($self, $key) = @_;
     $key = $self->_global_prefix . '.' . uri_escape_utf8($key);
+    trick_taint($key) if defined $key;
     return length($self->{namespace} . $key) > MAX_KEY_LENGTH
         ? undef
         : $key;
@@ -247,51 +248,7 @@ sub _get {
 
     $key = $self->_encode_key($key)
         or return;
-    my $value = $self->{memcached}->get($key);
-    return unless defined $value;
-
-    # detaint returned values
-    # hashes and arrays are detainted just one level deep
-    if (ref($value) eq 'HASH') {
-        _detaint_hashref($value);
-    }
-    elsif (ref($value) eq 'ARRAY') {
-        foreach my $value (@$value) {
-            next unless defined $value;
-            # arrays of hashes and arrays are common
-            if (ref($value) eq 'HASH') {
-                _detaint_hashref($value);
-            }
-            elsif (ref($value) eq 'ARRAY') {
-                _detaint_arrayref($value);
-            }
-            elsif (!ref($value)) {
-                trick_taint($value);
-            }
-        }
-    }
-    elsif (!ref($value)) {
-        trick_taint($value);
-    }
-    return $value;
-}
-
-sub _detaint_hashref {
-    my ($hashref) = @_;
-    foreach my $value (values %$hashref) {
-        if (defined($value) && !ref($value)) {
-            trick_taint($value);
-        }
-    }
-}
-
-sub _detaint_arrayref {
-    my ($arrayref) = @_;
-    foreach my $value (@$arrayref) {
-        if (defined($value) && !ref($value)) {
-            trick_taint($value);
-        }
-    }
+    return $self->{memcached}->get($key);
 }
 
 sub _delete {
-- 
cgit v1.2.3-24-g4f1b