From 812ad9b3515aff6d9d870c2a11845b7416e40288 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Sat, 24 Jan 2009 14:12:05 +0000 Subject: Bug 471613: Replace Bugzilla::Util::is_tainted() by Scalar::Util::tainted() - Patch by Nitish Bezzala r/a=LpSolit --- Bugzilla/Util.pm | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) (limited to 'Bugzilla/Util.pm') diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 8666b18ff..991bfedc1 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -31,7 +31,7 @@ package Bugzilla::Util; use strict; use base qw(Exporter); -@Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural +@Bugzilla::Util::EXPORT = qw(trick_taint detaint_natural detaint_signed html_quote url_quote xml_quote css_class_quote html_light_quote url_decode @@ -56,16 +56,6 @@ use Digest; use Scalar::Util qw(tainted); use Text::Wrap; -# This is from the perlsec page, slightly modified to remove a warning -# From that page: -# This function makes use of the fact that the presence of -# tainted data anywhere within an expression renders the -# entire expression tainted. -# Don't ask me how it works... -sub is_tainted { - return not eval { my $foo = join('',@_), kill 0; 1; }; -} - sub trick_taint { require Carp; Carp::confess("Undef to trick_taint") unless defined $_[0]; @@ -640,7 +630,6 @@ Bugzilla::Util - Generic utility functions for bugzilla use Bugzilla::Util; # Functions for dealing with variable tainting - $rv = is_tainted($var); trick_taint($var); detaint_natural($var); detaint_signed($var); @@ -704,10 +693,6 @@ with care> to avoid security holes. =over 4 -=item C - -Determines whether a particular variable is tainted - =item C Tricks perl into untainting a particular variable. -- cgit v1.2.3-24-g4f1b