]> git.ipfire.org Git - thirdparty/bugzilla.git/commitdiff
projects / thirdparty / bugzilla.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d328d40)
Bug 1309278 - Cache::Memcached::Fast returns tainted data if the key is tainted
authorDylan William Hardison <dylan@hardison.net>
Tue, 11 Oct 2016 21:17:01 +0000 (17:17 -0400)
committerDylan William Hardison <dylan@hardison.net>
Tue, 11 Oct 2016 21:17:01 +0000 (17:17 -0400)
r=dkl

Bugzilla/Memcached.pm patch | blob | blame | history

diff --git a/Bugzilla/Memcached.pm b/Bugzilla/Memcached.pm
index 139824679162d996e5a35139038b0d2a96368ee8..ed32fa27b07f6d3955bce1a2b9581f791f6ad987 100644 (file)
--- a/Bugzilla/Memcached.pm
+++ b/Bugzilla/Memcached.pm
@@ -13,6 +13,7 @@ use warnings;
 
 use Bugzilla::Error;
 use Scalar::Util qw(blessed);
+use Bugzilla::Util qw(trick_taint);
 use URI::Escape;
 
 # memcached keys have a maximum length of 250 bytes
@@ -219,6 +220,7 @@ sub _config_prefix {
 sub _encode_key {
     my ($self, $key) = @_;
     $key = $self->_global_prefix . '.' . uri_escape_utf8($key);
+    trick_taint($key) if defined $key;
     return length($self->{namespace} . $key) > MAX_KEY_LENGTH
         ? undef
         : $key;
Mirror of https://github.com/bugzilla/bugzilla.git