From fbb2c9b08b2e397205e7250560a8a4edd2004ce9 Mon Sep 17 00:00:00 2001
From: "bbaetz%student.usyd.edu.au" <>
Date: Wed, 10 Jul 2002 13:27:11 +0000
Subject: Bug 155793 - $::FORM is not tainted under perl 5.6.1 r=myk, jouni

---
 CGI.pl | 34 ++++++++++++----------------------
 1 file changed, 12 insertions(+), 22 deletions(-)

(limited to 'CGI.pl')

diff --git a/CGI.pl b/CGI.pl
index 4eeeaf5d2..c4130e14c 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -92,34 +92,24 @@ sub url_quote {
 }
 
 sub ParseUrlString {
-    # We don't want to detaint the user supplied data...
-    use re 'taint';
-
     my ($buffer, $f, $m) = (@_);
     undef %$f;
     undef %$m;
 
     my %isnull;
-    my $remaining = $buffer;
-    while ($remaining ne "") {
-        my $item;
-        if ($remaining =~ /^([^&]*)&(.*)$/) {
-            $item = $1;
-            $remaining = $2;
-        } else {
-            $item = $remaining;
-            $remaining = "";
-        }
 
-        my $name;
-        my $value;
-        if ($item =~ /^([^=]*)=(.*)$/) {
-            $name = url_decode($1);
-            $value = url_decode($2);
-        } else {
-            $name = url_decode($item);
-            $value = "";
-        }
+    # We must make sure that the CGI params remain tainted.
+    # This means that if for some reason you want to make this code
+    # use a regexp and $1, $2, ... (or use a helper function which does so)
+    # you must |use re 'taint'| _and_ make sure that you don't run into
+    # http://bugs.perl.org/perlbug.cgi?req=bug_id&bug_id=20020704.001
+    my @args = split('&', $buffer);
+    foreach my $arg (@args) {
+        my ($name, $value) = split('=', $arg, 2);
+        $value = '' if not defined $value;
+
+        $name = url_decode($name);
+        $value = url_decode($value);
 
         if ($value ne "") {
             if (defined $f->{$name}) {
-- 
cgit v1.2.3-24-g4f1b