From d9ba51c35e379110795c08ee6f7dee3acfec1a59 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Tue, 11 Oct 2016 17:17:01 -0400
Subject: Bug 1309278 - Cache::Memcached::Fast returns tainted data if the key
 is tainted

r=dkl
---
 Bugzilla/Memcached.pm | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'Bugzilla')

diff --git a/Bugzilla/Memcached.pm b/Bugzilla/Memcached.pm
index 139824679..ed32fa27b 100644
--- a/Bugzilla/Memcached.pm
+++ b/Bugzilla/Memcached.pm
@@ -13,6 +13,7 @@ use warnings;
 
 use Bugzilla::Error;
 use Scalar::Util qw(blessed);
+use Bugzilla::Util qw(trick_taint);
 use URI::Escape;
 
 # memcached keys have a maximum length of 250 bytes
@@ -219,6 +220,7 @@ sub _config_prefix {
 sub _encode_key {
     my ($self, $key) = @_;
     $key = $self->_global_prefix . '.' . uri_escape_utf8($key);
+    trick_taint($key) if defined $key;
     return length($self->{namespace} . $key) > MAX_KEY_LENGTH
         ? undef
         : $key;
-- 
cgit v1.2.3-24-g4f1b