From aa96bd6f2a1c177505b39cd9cf9086803499a0a5 Mon Sep 17 00:00:00 2001
From: "bbaetz%student.usyd.edu.au" <>
Date: Wed, 16 Oct 2002 17:49:51 +0000
Subject: Bug 174524 - Tidy up Bugzilla::{Util,Config}, and lazily-load unneeded modules r=joel x2
---
Bugzilla/Util.pm | 208 +++++++++++++++++++++++++------------------------------
1 file changed, 94 insertions(+), 114 deletions(-)
(limited to 'Bugzilla/Util.pm')
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index f8d9c954f..4d1fc3aa6 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -25,6 +25,100 @@ package Bugzilla::Util; +use base qw(Exporter); +@Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural + html_quote value_quote + lsearch max min + trim); + +use strict; + +# This is from the perlsec page, slightly modifed to remove a warning +# From that page: +# This function makes use of the fact that the presence of +# tainted data anywhere within an expression renders the +# entire expression tainted. +# Don't ask me how it works... +sub is_tainted { + return not eval { my $foo = join('',@_), kill 0; 1; }; +} + +sub trick_taint { + $_[0] =~ /^(.*)$/s; + $_[0] = $1; + return (defined($_[0])); +} + +sub detaint_natural { + $_[0] =~ /^(\d+)$/; + $_[0] = $1; + return (defined($_[0])); +} + +sub html_quote { + my ($var) = (@_); + $var =~ s/\&/\&/g; + $var =~ s//\>/g; + $var =~ s/\"/\"/g; + return $var; +} + +sub value_quote { + my ($var) = (@_); + $var =~ s/\&/\&/g; + $var =~ s//\>/g; + $var =~ s/\"/\"/g; + # See bug http://bugzilla.mozilla.org/show_bug.cgi?id=4928 for + # explanaion of why bugzilla does this linebreak substitution. + # This caused form submission problems in mozilla (bug 22983, 32000). + $var =~ s/\r\n/\ /g; + $var =~ s/\n\r/\ /g; + $var =~ s/\r/\ /g; + $var =~ s/\n/\ /g; + return $var; +} + +sub lsearch { + my ($list,$item) = (@_); + my $count = 0; + foreach my $i (@$list) { + if ($i eq $item) { + return $count; + } + $count++; + } + return -1; +} + +sub max { + my $max = shift(@_); + foreach my $val (@_) { + $max = $val if $val > $max; + } + return $max; +} + +sub min { + my $min = shift(@_); + foreach my $val (@_) { + $min = $val if $val < $min; + } + return $min; +} + +sub trim { + my ($str) = @_; + $str =~ s/^\s+//g; + $str =~ s/\s+$//g; + return $str; +} + +1; + +__END__ + =head1 NAME Bugzilla::Util - Generic utility functions for bugzilla 
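Review bot: In `detaint_natural`, `$_[0] = $1;` runs even when the match on the preceding line failed. Perl does not reset `$1` on a failed match, so it can still hold a capture from an earlier successful match in the caller's dynamic scope. The sub would then return true and leave an unrelated, already-untainted value in the caller's variable for input that is not a natural number, which undermines the result check the POD tells callers to make. Keying the assignment on the match result avoids this: `my $match = $_[0] =~ /^(\d+)$/;` followed by `$_[0] = $match ? $1 : undef;`. `trick_taint` has the same shape and would benefit from the same guard for consistency, although its `/^(.*)$/s` pattern should match any defined string; both subs are moved here unchanged, so the behaviour predates this commit.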
@@ -60,16 +154,6 @@ people feel might be useful somewhere, someday>. Do not add methods to this package unless it is intended to be used for a significant number of files, and it does not belong anywhere else. -=cut - -use base qw(Exporter); -@Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural - html_quote value_quote - lsearch max min - trim); - -use strict; - =head1 FUNCTIONS This package provides several types of routines: @@ -85,18 +169,6 @@ with care> to avoid security holes. Determines whether a particular variable is tainted -=cut - -# This is from the perlsec page, slightly modifed to remove a warning -# From that page: -# This function makes use of the fact that the presence of -# tainted data anywhere within an expression renders the -# entire expression tainted. -# Don't ask me how it works... -sub is_tainted { - return not eval { my $foo = join('',@_), kill 0; 1; }; -} - =item C Tricks perl into untainting a particular variable. @@ -108,28 +180,12 @@ B -=cut - -sub trick_taint { - $_[0] =~ /^(.*)$/s; - $_[0] = $1; - return (defined($_[0])); -} - =item C This routine detaints a natural number. It returns a true value if the value passed in was a valid natural number, else it returns false. You B check the result of this routine to avoid security holes. -=cut - -sub detaint_natural { - $_[0] =~ /^(\d+)$/; - $_[0] = $1; - return (defined($_[0])); -} - =back =head2 Quoting 
@@ -144,40 +200,11 @@ be done in the template where possible. Returns a value quoted for use in HTML, with &, E, E, and E<34> being replaced with their appropriate HTML entities. -=cut - -sub html_quote { - my ($var) = (@_); - $var =~ s/\&/\&/g; - $var =~ s//\>/g; - $var =~ s/\"/\"/g; - return $var; -} - =item C As well as escaping html like C, this routine converts newlines into , suitable for use in html attributes. -=cut - -sub value_quote { - my ($var) = (@_); - $var =~ s/\&/\&/g; - $var =~ s//\>/g; - $var =~ s/\"/\"/g; - # See bug http://bugzilla.mozilla.org/show_bug.cgi?id=4928 for - # explanaion of why bugzilla does this linebreak substitution. - # This caused form submission problems in mozilla (bug 22983, 32000). - $var =~ s/\r\n/\ /g; - $var =~ s/\n\r/\ /g; - $var =~ s/\r/\ /g; - $var =~ s/\n/\ /g; - return $var; -} - =back =head2 Searching @@ -193,48 +220,14 @@ reference. If the item is not in the list, returns -1. -=cut - -sub lsearch { - my ($list,$item) = (@_); - my $count = 0; - foreach my $i (@$list) { - if ($i eq $item) { - return $count; - } - $count++; - } - return -1; -} - =item C Returns the maximum from a set of values. -=cut - -sub max { - my $max = shift(@_); - foreach my $val (@_) { - $max = $val if $val > $max; - } - return $max; -} - =item C Returns the minimum from a set of values. -=cut - -sub min { - my $min = shift(@_); - foreach my $val (@_) { - $min = $val if $val < $min; - } - return $min; -} - =back =head2 Trimming @@ -246,17 +239,4 @@ sub min { Removes any leading or trailing whitespace from a string. This routine does not modify the existing string. -=cut - -sub trim { - my ($str) = @_; - $str =~ s/^\s+//g; - $str =~ s/\s+$//g; - return $str; -} - =back - -=cut - -1; -- cgit v1.2.3-24-g4f1b