From cfded4d89f7059a92239b0eb9daa452d9019e9fd Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Thu, 13 Apr 2017 16:19:44 -0400
Subject: Bug 1355142 - Implement trick_taint in terms of Taint::Util::untaint()
---
 Bugzilla/Util.pm | 15 +++++++-------
 Makefile.PL | 1 +
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 4371441a0..ca8187c5f 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -43,13 +43,12 @@ use Text::Wrap;
 use Encode qw(encode decode resolve_alias);
 use Encode::Guess;
 use POSIX qw(floor ceil);
+use Taint::Util qw(untaint);
 sub trick_taint {
- require Carp;
- Carp::confess("Undef to trick_taint") unless defined $_[0];
- my $match = $_[0] =~ /^(.*)$/s;
- $_[0] = $match ? $1 : undef;
- return (defined($_[0]));
+ untaint($_[0]);
+
+ return defined $_[0];
 }
 sub detaint_natural {
@@ -376,7 +375,7 @@ sub is_ipv6 {
 my $ipv6 = join(':', @chunks);
 # The IP address is valid and can now be detainted.
- trick_taint($ipv6);
+ untaint($ipv6);
 # Need to handle the exception of trailing :: being valid.
 return "${ipv6}::" if $ip =~ /::$/;
@@ -655,7 +654,7 @@ sub bz_crypt {
 # HACK: Perl has bug where returned crypted password is considered
 # tainted. See http://rt.perl.org/rt3/Public/Bug/Display.html?id=59998
 unless(tainted($password) || tainted($salt)) {
- trick_taint($crypted_password);
+ untaint($crypted_password);
 }
 } else {
@@ -697,7 +696,7 @@ sub validate_email_syntax {
 && length($email) <= 127) {
 # We assume these checks to suffice to consider the address untainted.
- trick_taint($_[0]);
+ untaint($_[0]);
 return 1;
 }
 return 0;
diff --git a/Makefile.PL b/Makefile.PL
index 4499aec1d..d3ee9ae89 100755
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -61,6 +61,7 @@ my %requires = (
 'Throwable' => 0,
 'URI' => '1.55',
 'version' => '0.87',
+ 'Taint::Util' => 0,
 );
 my %build_requires = (
 'ExtUtils::MakeMaker' => '6.57_07',
--
cgit v1.2.3-24-g4f1b
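Review bot: The new trick_taint body drops the undef guard, so an undefined argument is now reported only through the false return value instead of stopping with a stack trace, and any caller that ignores the result carries on with undef. If that fail-closed behaviour was relied on, keep it ahead of the new call: `require Carp;` and `Carp::confess("Undef to trick_taint") unless defined $_[0];` before `untaint($_[0]);`. The sub performs no validation of its own, before or after this change, so a short comment above it such as `# Clears the taint flag without validating; call only after the value has been checked.` would make the contract explicit for future callers.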
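Review bot: Calling `untaint()` directly here, and likewise in the bz_crypt and validate_email_syntax hunks, leaves the file with two spellings of the same operation, so a search for `trick_taint(` no longer finds every place where taint is cleared. A comment next to the new import, for example `# untaint() and trick_taint() both clear taint; review call sites of both names.`, would keep later audits complete. The validation that justifies clearing taint on `$ipv6` sits above this hunk in is_ipv6 and is not visible here, so the existing "is valid" comment cannot be confirmed from the diff alone.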
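Review bot: `'Taint::Util' => 0` accepts any release of a module that, after this commit, performs every taint-clearing operation in Bugzilla/Util.pm, so an install can pick up whichever version the resolver finds. Consider recording the version this change was tested against, `'Taint::Util' => '<minimum tested version>',`, the way `URI` and `version` carry minimums in the same hash. The `%requires` hash starts above the hunk.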