From: Dylan William Hardison Date: Tue, 11 Oct 2016 21:17:01 +0000 (-0400) Subject: Bug 1309278 - Cache::Memcached::Fast returns tainted data if the key is tainted X-Git-Tag: release-5.1.2~47 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d9ba51c35e379110795c08ee6f7dee3acfec1a59;p=thirdparty%2Fbugzilla.git Bug 1309278 - Cache::Memcached::Fast returns tainted data if the key is tainted r=dkl --- diff --git a/Bugzilla/Memcached.pm b/Bugzilla/Memcached.pm index 1398246791..ed32fa27b0 100644 --- a/Bugzilla/Memcached.pm +++ b/Bugzilla/Memcached.pm @@ -13,6 +13,7 @@ use warnings; use Bugzilla::Error; use Scalar::Util qw(blessed); +use Bugzilla::Util qw(trick_taint); use URI::Escape; # memcached keys have a maximum length of 250 bytes @@ -219,6 +220,7 @@ sub _config_prefix { sub _encode_key { my ($self, $key) = @_; $key = $self->_global_prefix . '.' . uri_escape_utf8($key); + trick_taint($key) if defined $key; return length($self->{namespace} . $key) > MAX_KEY_LENGTH ? undef : $key;
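Review bot: The `trick_taint($key)` call added to `_encode_key` untaints every cache key with no comment explaining why that is safe, and its `if defined $key` guard can never be false, because the line above assigns the result of a `.` concatenation. The untaint looks defensible only because `uri_escape_utf8` has already constrained the caller-supplied part of the key, so I would say so next to the call, e.g. `# Safe to untaint: key is URI-escaped above; a tainted key makes Cache::Memcached::Fast return tainted values (bug 1309278).` If the guard was meant to tolerate an undefined caller key, that test has to run before the concatenation; otherwise drop it. After this change cached values presumably reach callers untainted even when the lookup key came from request input, so callers can no longer rely on taint mode to flag them. The end of `_encode_key` lies outside the hunk.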