From fbb2c9b08b2e397205e7250560a8a4edd2004ce9 Mon Sep 17 00:00:00 2001
From: "bbaetz%student.usyd.edu.au" <>
Date: Wed, 10 Jul 2002 13:27:11 +0000
Subject: Bug 155793 - $::FORM is not tainted under perl 5.6.1 r=myk, jouni
---
 CGI.pl | 34 ++++++++++++----------------------
 1 file changed, 12 insertions(+), 22 deletions(-)
diff --git a/CGI.pl b/CGI.pl
index 4eeeaf5d2..c4130e14c 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -92,34 +92,24 @@ sub url_quote {
 }
 sub ParseUrlString {
- # We don't want to detaint the user supplied data...
- use re 'taint';
-
 my ($buffer, $f, $m) = (@_);
 undef %$f;
 undef %$m;
 my %isnull;
- my $remaining = $buffer;
- while ($remaining ne "") {
- my $item;
- if ($remaining =~ /^([^&]*)&(.*)$/) {
- $item = $1;
- $remaining = $2;
- } else {
- $item = $remaining;
- $remaining = "";
- }
- my $name;
- my $value;
- if ($item =~ /^([^=]*)=(.*)$/) {
- $name = url_decode($1);
- $value = url_decode($2);
- } else {
- $name = url_decode($item);
- $value = "";
- }
+ # We must make sure that the CGI params remain tainted.
+ # This means that if for some reason you want to make this code
+ # use a regexp and $1, $2, ... (or use a helper function which does so)
+ # you must |use re 'taint'| _and_ make sure that you don't run into
+ # http://bugs.perl.org/perlbug.cgi?req=bug_id&bug_id=20020704.001
+ my @args = split('&', $buffer);
+ foreach my $arg (@args) {
+ my ($name, $value) = split('=', $arg, 2);
+ $value = '' if not defined $value;
+
+ $name = url_decode($name);
+ $value = url_decode($value);
 if ($value ne "") {
 if (defined $f->{$name}) {
--
cgit v1.2.3-24-g4f1b
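Review bot: An empty segment in the query string (a leading `&` or a doubled `&&`) leaves `$name` undefined in the new loop, because `split('=', $arg, 2)` returns an empty list for an empty `$arg`; the removed regex code passed `""` to url_decode in that case. Only `$value` is given a default, so `url_decode($name)` and the `$f->{$name}` lookup would receive undef and, presumably, raise uninitialized-value warnings on request data the client controls. Adding `$name = '' if not defined $name;` next to the `$value` default restores the old behaviour without a regex capture, so the taint on the parameters is preserved. ParseUrlString's body continues past the end of the hunk and url_decode is not shown, so it is worth confirming that the helper does not untaint its argument either.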