From cfded4d89f7059a92239b0eb9daa452d9019e9fd Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Thu, 13 Apr 2017 16:19:44 -0400
Subject: Bug 1355142 - Implement trick_taint in terms of Taint::Util::untaint()
---
 Bugzilla/Util.pm | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
(limited to 'Bugzilla')
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 4371441a0..ca8187c5f 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -43,13 +43,12 @@ use Text::Wrap;
 use Encode qw(encode decode resolve_alias);
 use Encode::Guess;
 use POSIX qw(floor ceil);
+use Taint::Util qw(untaint);
 sub trick_taint {
- require Carp;
- Carp::confess("Undef to trick_taint") unless defined $_[0];
- my $match = $_[0] =~ /^(.*)$/s;
- $_[0] = $match ? $1 : undef;
- return (defined($_[0]));
+ untaint($_[0]);
+
+ return defined $_[0];
 }
 sub detaint_natural {
@@ -376,7 +375,7 @@ sub is_ipv6 {
 my $ipv6 = join(':', @chunks);
 # The IP address is valid and can now be detainted.
- trick_taint($ipv6);
+ untaint($ipv6);
 # Need to handle the exception of trailing :: being valid.
 return "${ipv6}::" if $ip =~ /::$/;
@@ -655,7 +654,7 @@ sub bz_crypt {
 # HACK: Perl has bug where returned crypted password is considered
 # tainted. See http://rt.perl.org/rt3/Public/Bug/Display.html?id=59998
 unless(tainted($password) || tainted($salt)) {
- trick_taint($crypted_password);
+ untaint($crypted_password);
 }
 }
 else {
@@ -697,7 +696,7 @@ sub validate_email_syntax {
 && length($email) <= 127)
 {
 # We assume these checks to suffice to consider the address untainted.
- trick_taint($_[0]);
+ untaint($_[0]);
 return 1;
 }
 return 0;
-- cgit v1.2.3-24-g4f1b
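Review bot: In the first hunk the rewritten `trick_taint` no longer calls `Carp::confess` on an undefined argument, so (assuming `untaint()` leaves undef untouched) an undef now produces a false return instead of a stack trace. Callers that ignore the return value lose that diagnostic, and this patch does not show whether any do. If the softer behaviour is intended, state the contract in a comment above the sub, e.g. `# Clears the taint flag on $_[0] in place without validating it; callers must validate first. Returns false for undef.` Separately, `use Taint::Util qw(untaint);` makes that module a load-time requirement of Bugzilla::Util; the diffstat is limited to 'Bugzilla', so confirm the dependency is declared with the install requirements.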
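Review bot: The call site in is_ipv6 (second hunk) now calls `untaint()` directly while `trick_taint` stays in the file as a wrapper, and the same substitution is made in bz_crypt (third hunk) and validate_email_syntax (fourth hunk). Each of these calls vouches that validation has already happened, so two names for the same taint bypass means an audit that greps only for `trick_taint` will miss these three. Either keep `trick_taint(...)` at the call sites, or add a comment on the wrapper such as `# Thin alias of Taint::Util::untaint; audit both names when reviewing taint bypasses.` All three enclosing subs begin and end outside their hunks.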
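Review bot: In validate_email_syntax (fourth hunk) the visible length check is made on `$email`, but the value cleared is `$_[0]`. How `$email` is derived lies outside the hunk; if it is anything other than an unmodified copy of the argument, the string being untainted is not the string that was checked. A comment at the `untaint($_[0]);` line would make that assumption reviewable, e.g. `# $email is built from $_[0] by <describe>; the checks above therefore cover $_[0] because <reason>.`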