$user_id, remote_ip(), $user_agent, $request_url, $method,
$bug_id, $attach_id, $action, $server
);
- foreach my $param (@params) {
- trick_taint($param) if defined $param;
- }
eval {
local request_cache->{dbh};
use CGI::Compile;
use Try::Tiny;
-use Taint::Util qw(untaint);
use Sys::Hostname;
use Sub::Quote 2.005000;
use Sub::Name;
my $package = __PACKAGE__ . "::$name", my $inner_name = "_$name";
my $content = path(bz_locations->{cgi_path}, $file)->slurp;
$content = "package $package; $content";
- untaint($content);
my %options = (package => $package, file => $file, line => 1, no_defer => 1,);
die "Tried to load $file more than once" if $SEEN{$file}++;
my $inner = quote_sub $inner_name, $content, {}, \%options;
{
ThrowUserError("invalid_content_type", {contenttype => $content_type});
}
- trick_taint($content_type);
return $content_type;
}
# Truncate the filename to 100 characters, counting from the end of the
# string to make sure we keep the filename extension.
$filename = substr($filename, -100, 100);
- trick_taint($filename);
return $filename;
}
use strict;
use warnings;
-use Bugzilla::Util qw(trick_taint);
-
sub new {
return bless({}, shift);
}
my $dbh = Bugzilla->dbh;
my $sth = $dbh->prepare(
"INSERT INTO attach_data (id, thedata) VALUES ($attach_id, ?)");
- trick_taint($data);
$sth->bind_param(1, $data, $dbh->BLOB_TYPE);
$sth->execute();
}
@{$cgi->{'Bugzilla_cookie_list'}};
$user_id = $cookie->value if $cookie;
}
- trick_taint($login_cookie) if $login_cookie;
$self->cookie($login_cookie);
# If the call is for a web service, and an api token is provided, check
# Anything goes for these params - they're just strings which
# we're going to verify against the db
- trick_taint($login_cookie);
detaint_natural($user_id);
my $db_cookie = $dbh->selectrow_array(
= Bugzilla::Token::GenerateUniqueToken('logincookies', 'cookie');
my $ip_addr = remote_ip();
- trick_taint($ip_addr);
$dbh->do('INSERT INTO logincookies (cookie, userid, ipaddr, lastused)
VALUES (?, ?, ?, NOW())', undef, $login_cookie, $user->id, $ip_addr);
# logged in and got the same cookie, we could be logging the other
# user out here. Yes, this is very very very unlikely, but why take
# chances? - bbaetz
- map { trick_taint($_) } @login_cookies;
@login_cookies = map { $dbh->quote($_) } @login_cookies;
if ($type == LOGOUT_KEEP_CURRENT) {
$dbh->do(
my $username_user_id = login_to_id($username || '');
my $extern_user_id;
if ($extern_id) {
- trick_taint($extern_id);
$extern_user_id = $dbh->selectrow_array(
'SELECT userid
FROM profiles WHERE extern_id = ?', undef, $extern_id
# external authentication
# systems might follow different standards than ours. So in this
- # place here, we call trick_taint without checks.
- trick_taint($password);
# XXX Theoretically this could fail with an error, but the fix for
# that is too involved to be done right now.
# $real_name is more than likely tainted, but we only use it
# in a placeholder and we never use it after this.
- trick_taint($real_name);
$user->set_name($real_name);
$user_updated = 1;
}
$tag = clean_text($tag);
$tag || ThrowUserError('no_tag_to_edit');
ThrowUserError('tag_name_too_long') if length($tag) > MAX_LEN_QUERY_NAME;
- trick_taint($tag);
# Tags are all lowercase.
return lc($tag);
my $field_values = $class->run_create_validators($params);
my $value = $field_values->{value}->as_string;
- trick_taint($value);
$field_values->{value} = $value;
# We only add the new URI if it hasn't been added yet. URIs are
my ($alias) = @_;
return undef unless Bugzilla->params->{"usebugaliases"};
my $dbh = Bugzilla->dbh;
- trick_taint($alias);
return $dbh->selectrow_array("SELECT bug_id FROM bugs WHERE alias = ?",
undef, $alias);
}
# Only consider changes since $starttime, if given.
my $datepart = "";
if (defined $starttime) {
- trick_taint($starttime);
push(@args, $starttime);
$datepart = "AND bug_when > ?";
}
else {
$added = ""; # no more entries
}
- trick_taint($addstr);
- trick_taint($removestr);
my $fieldid = get_field_id($col);
$dbh->do(
"INSERT INTO bugs_activity
$weighted->update();
}
}
- trick_taint($tag);
$sth_delete->execute($self->id, $tag);
$sth_activity->execute($self->bug_id, $self->id, Bugzilla->user->id, $when, '',
$tag);
else {
Bugzilla::Comment::TagWeights->create({tag => $tag, weight => 1});
}
- trick_taint($tag);
$sth_insert->execute($self->id, $tag);
$sth_activity->execute($self->bug_id, $self->id, Bugzilla->user->id, $when,
$tag, '');
sub quote {
my $self = shift;
my $retval = $self->dbh->quote(@_);
- trick_taint($retval) if defined $retval;
return $retval;
}
# in LIKE search clauses
@words = map($self->quote("\%$_\%"), @words);
- # untaint words, since they are safe to use now that we've quoted them
- trick_taint($_) foreach @words;
-
# turn the words into a set of LIKE search clauses
@words = map("LOWER($column) LIKE $_", @words);
# quote the text for use in the MATCH AGAINST expression
$text = $self->quote($text);
- # untaint the text, since it's safe to use now that we've quoted it
- trick_taint($text);
-
return "MATCH($column) AGAINST($text $mode)";
}
sub sql_fulltext_search {
my ($self, $column, $text) = @_;
$text = $self->quote($text);
- trick_taint($text);
$fulltext_label++;
return "CONTAINS($column,$text,$fulltext_label) > 0", "SCORE($fulltext_label)";
}
use Moo;
use Bugzilla::Elastic::Search;
-use Bugzilla::Util qw(trick_taint);
with 'Bugzilla::Elastic::Role::HasClient';
use Moo;
use Bugzilla::Search;
use Bugzilla::Search::Quicksearch;
-use Bugzilla::Util qw(trick_taint);
use namespace::clean;
use Bugzilla::Elastic::Search::FakeCGI;
$source->{relevance} = $hit->{_score};
foreach my $val (values %$source) {
next unless defined $val;
- trick_taint($val);
}
- trick_taint($hit->{_id});
if ($source) {
$hits{$hit->{_id}} = [@$source{@fields}];
}
use File::Basename;
use File::Spec;
-use Taint::Util qw(untaint);
BEGIN { push @INC, \&INC_HOOK }
= Cwd::realpath(File::Spec->catpath($vol, File::Spec->catdir(@dirs), $file));
my $first = 1;
- untaint($real_file);
$INC{$fake_file} = $real_file;
my $found = open my $fh, '<', $real_file;
unless ($found) {
if (!$first) {
return 0 if eof $fh;
$_ = readline $fh or return 0;
- untaint($_);
return 1;
}
else {
or !grep { $_ eq $value } @$legalsRef)
{
return 0 if $no_warn; # We don't want an error to be thrown; return.
- trick_taint($name);
my $field = new Bugzilla::Field({name => $name});
my $field_desc = $field ? $field->description : $name;
my ($name) = @_;
my $dbh = Bugzilla->dbh;
- trick_taint($name);
my $id = $dbh->selectrow_array(
'SELECT id FROM fielddefs
WHERE name = ?', undef, $name
});
my $status = $cgi->param("flag_type-$type_id");
- trick_taint($status);
my @logins = $cgi->param("requestee_type-$type_id");
if ($status eq "?" && scalar(@logins)) {
my ($invocant, $group) = @_;
return unless $group;
- trick_taint($group);
$group = Bugzilla::Group->check($group);
return $group->id;
}
if ($criteria->{name}) {
my $name = $dbh->quote($criteria->{name});
- trick_taint($name); # Detaint data as we have quoted it.
push(@criteria, "flagtypes.name = $name");
}
if ($criteria->{target_type}) {
use Tie::Hash::NamedCapture;
use Safe;
use Term::ANSIColor;
-use Taint::Util qw(untaint);
use Sys::Hostname qw(hostname);
use parent qw(Exporter);
foreach my $override (PARAM_OVERRIDE) {
my $o_key = ENV_PREFIX . $override;
$localconfig{param_override}{$override} = $ENV{$o_key};
- untaint($localconfig{param_override}{$override});
}
}
elsif (exists $ENV{$key}) {
$localconfig{$name} = $ENV{$key};
- untaint($localconfig{$name});
}
else {
my $default = $var->{default};
$localconfig{$name} = ref($default) eq 'CODE' ? $default->() : $default;
- untaint($localconfig{$name});
}
}
# We know that these paths are safe, because they came from
# extensionsdir and we checked them specifically for their format.
# Also, the only thing we ever do with them is pass them to "require".
- trick_taint($_) foreach @load_files;
push(@files, \@load_files);
}
foreach my $dir (@add) {
my $full_dir = "$templatedir/$lang/$dir";
if (-d $full_dir) {
- trick_taint($full_dir);
push(@result, $full_dir);
}
}
# Copied from Bugzilla::Util #
##############################
-sub trick_taint {
- require Carp;
- Carp::confess("Undef to trick_taint") unless defined $_[0];
- my $match = $_[0] =~ /^(.*)$/s;
- $_[0] = $match ? $1 : undef;
- return (defined($_[0]));
-}
-
sub trim {
my ($str) = @_;
if ($str) {
use File::Spec::Functions qw(rel2abs catfile);
use Bugzilla::Constants qw(bz_locations);
use English qw(-no_match_vars $PROGRAM_NAME);
-use Taint::Util qw(untaint);
sub logfile {
my ($class, $name) = @_;
my $file = rel2abs(catfile(bz_locations->{logsdir}, $name));
- untaint($file);
return $file;
}
use Bugzilla::RNG qw( irand );
use Bugzilla::Token
qw( issue_short_lived_session_token set_token_extra_data get_token_extra_data delete_token );
-use Bugzilla::Util qw( trick_taint );
sub new {
my ($class, $user) = @_;
sub property_get {
my ($self, $name) = @_;
- trick_taint($name);
return
scalar Bugzilla->dbh->selectrow_array(
"SELECT value FROM profile_mfa WHERE user_id = ? AND name = ?",
sub property_set {
my ($self, $name, $value) = @_;
- trick_taint($name);
- trick_taint($value);
Bugzilla->dbh->do(
"INSERT INTO profile_mfa (user_id, name, value) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE value = ?",
undef, $self->{user}->id, $name, $value, $value
sub property_delete {
my ($self, $name) = @_;
- trick_taint($name);
Bugzilla->dbh->do("DELETE FROM profile_mfa WHERE user_id = ? AND name = ?",
undef, $self->{user}->id, $name);
}
use Bugzilla::Error;
use Scalar::Util qw(blessed);
use List::Util qw(sum);
-use Bugzilla::Util qw(trick_taint trim);
+use Bugzilla::Util qw(trim);
use URI::Escape;
use Encode;
use Sys::Syslog qw(:DEFAULT);
sub _encode_key {
my ($self, $key) = @_;
$key = $self->_global_prefix . '.' . uri_escape_utf8($key);
- trick_taint($key) if defined $key;
return length($self->{namespace} . $key) > MAX_KEY_LENGTH ? undef : $key;
}
push(@values, @{$param->{'values'}});
}
- map { trick_taint($_) } @values;
$object_data
= $dbh->selectrow_hashref("SELECT $columns FROM $table WHERE $condition",
undef, @values);
# for the caller. So we copy the array. It's safe to untaint because
# they're only used in placeholders here.
my @untainted = @{$values || []};
- trick_taint($_) foreach @untainted;
$objects = $dbh->selectall_arrayref($sql, {Slice => {}}, @untainted);
$class->_serialisation_keys($objects->[0]) if @$objects;
}
if (exists $validators{$field}) {
my $validator = $validators{$field};
$value = $self->$validator($value, $field);
- trick_taint($value) if (defined $value && !ref($value));
if ($self->can('_set_global_validator')) {
$self->_set_global_validator($value, $field);
next;
}
- trick_taint($new) if defined $new;
push(@values, $new);
push(@update_columns, $column);
# We want people to be able to explicitly set fields to NULL,
# and that means they can be set to undef.
- trick_taint($value) if defined $value && !ref($value);
$field_values{$field} = $value;
}
$this->my_rmtree($file);
}
else {
- trick_taint($file);
unlink $file;
}
}
- trick_taint($dir);
rmdir $dir;
}
open(my $fh, '<', $this->{FILENAME}) or die "Could not open $this->{FILENAME}";
$this->{FILE} = $fh;
$this->{NEXT_FILE_LINE} = 1;
- trick_taint($olddir); # $olddir comes from getcwd()
chdir($olddir) or die "Could not cd back to $olddir";
}
$this->{SECTION_END} = $i - 1;
}
-sub trick_taint {
- $_[0] =~ /^(.*)$/s;
- $_[0] = $1;
- return (defined($_[0]));
-}
1;
$self->_chart_fields->{$field}
or ThrowCodeError("invalid_field_name", {field => $field});
- trick_taint($field);
# This is the field as you'd reference it in a SQL statement.
my $full_field = $field =~ /\./ ? $field : "bugs.$field";
my $is_numeric = $numeric_operator && $numeric_field && $numeric_value;
if ($is_numeric) {
my $quoted = $value;
- trick_taint($quoted);
return $quoted;
}
return Bugzilla->dbh->quote($value);
use Bugzilla::Error;
use Bugzilla::Search::Condition qw(condition);
-use Bugzilla::Util qw(trick_taint);
sub new {
my ($class, $joiner) = @_;
ThrowCodeError('search_invalid_joiner', {joiner => $joiner});
}
- # This will go into SQL directly so needs to be untainted.
- trick_taint($joiner) if $joiner;
bless {joiner => $joiner || 'AND'}, $class;
}
use Bugzilla::Error;
use Bugzilla::Search::Condition qw(condition);
-use Bugzilla::Util qw(trick_taint);
use List::MoreUtils qw(uniq);
use constant UNSUPPORTED_FIELDS => qw(
"subcategory", "name", "frequency", "public",
"query_format"
);
- trick_taint($self->{'query'});
$self->{'public'} = $cgi->param('public') ? 1 : 0;
my $category_id = getCategoryID($self->{'category'});
my $subcategory_id = getCategoryID($self->{'subcategory'});
- trick_taint($self->{'name'});
my $series_id
= $dbh->selectrow_array("SELECT series_id "
. "FROM series WHERE category = $category_id "
# This seems for the best idiom for "Do A. Then maybe do B and A again."
while (1) {
- # We are quoting this to put it in the DB, so we can remove taint
- trick_taint($category);
-
$category_id
= $dbh->selectrow_array("SELECT id "
. "from series_categories "
# Security - allow letters and a hyphen only
$ctype =~ s/[^a-zA-Z\-]//g;
$format =~ s/[^a-zA-Z\-]//g;
- trick_taint($ctype);
- trick_taint($format);
$template .= ($format ? "-$format" : "");
$template .= ".$ctype.tmpl";
use Template::Document;
use Template::Config;
-use Bugzilla::Util qw(trick_taint);
-
sub _init {
my $self = shift;
$self->SUPER::_init(@_);
unless ($search->{$key}) {
$search->{$key} = $name;
}
- trick_taint($name);
my $data = {
path => $name,
name => $key,
},
time => (stat($name))[9],
};
- trick_taint($data->{text}) if $data->{text};
$cache->{$name} = $self->_bz_compile($data) or die "compile error: $name";
}
};
$vars ||= {};
# Get information about the token being canceled.
- trick_taint($token);
my ($db_token, $issuedate, $tokentype, $eventdata, $userid)
= $dbh->selectrow_array(
'SELECT token, '
return unless defined $token;
$token = clean_text($token);
- trick_taint($token);
my @token_data = $dbh->selectrow_array(
"SELECT token, userid, "
my $dbh = Bugzilla->dbh;
return unless defined $token;
- trick_taint($token);
$dbh->do("DELETE FROM tokens WHERE token = ?", undef, $token);
}
sub get_token_extra_data {
my ($token) = @_;
- trick_taint($token);
my ($data)
= Bugzilla->dbh->selectrow_array(
"SELECT extra_data FROM token_data WHERE token = ?",
my $dbh = Bugzilla->dbh;
detaint_natural($userid) if defined $userid;
- trick_taint($tokentype);
- trick_taint($eventdata);
my $is_shadow = Bugzilla->is_shadow_db;
$dbh = Bugzilla->switch_to_main_db() if $is_shadow;
if ($wildstr =~ s/\*/\%/g && $user->id) {
# Build the query.
- trick_taint($wildstr);
my $query = "SELECT DISTINCT userid FROM profiles ";
if (Bugzilla->params->{'usevisibilitygroups'}) {
$query .= "INNER JOIN user_group_map
}
else { # try an exact match
# Exact matches don't care if a user is disabled.
- trick_taint($str);
my $user_id = $dbh->selectrow_array(
'SELECT userid FROM profiles
WHERE '
# then try substring search
if (!scalar(@users) && length($str) >= 3 && $user->id) {
- trick_taint($str);
my $query = "SELECT DISTINCT userid FROM profiles ";
if (Bugzilla->params->{'usevisibilitygroups'}) {
sub note_login_failure {
my $self = shift;
my $ip_addr = remote_ip();
- trick_taint($ip_addr);
Bugzilla->dbh->do(
"INSERT INTO login_failure (user_id, ip_addr, login_time)
VALUES (?, ?, LOCALTIMESTAMP(0))", undef, $self->id, $ip_addr
sub clear_login_failures {
my $self = shift;
my $ip_addr = remote_ip();
- trick_taint($ip_addr);
Bugzilla->dbh->do('DELETE FROM login_failure WHERE user_id = ? AND ip_addr = ?',
undef, $self->id, $ip_addr);
delete $self->{account_ip_login_failures};
my $time = $dbh->sql_date_math('LOCALTIMESTAMP(0)', '-', LOGIN_LOCKOUT_INTERVAL,
'MINUTE');
my $ip_addr = remote_ip();
- trick_taint($ip_addr);
$self->{account_ip_login_failures} ||= Bugzilla->dbh->selectall_arrayref(
"SELECT login_time, ip_addr, user_id FROM login_failure
WHERE user_id = ? AND login_time > $time
my $dbh = Bugzilla->dbh;
- # $username is safe because it is only used in SELECT placeholders.
- trick_taint($username);
-
# Reject if the new login is part of an email change which is
# still in progress
#
$user_id = $cache->{$login};
}
else {
- # No need to validate $login -- it will be used by the following SELECT
- # statement only, so it's safe to simply trick_taint.
- trick_taint($login);
$user_id = $dbh->selectrow_array(
"SELECT userid FROM profiles
WHERE " . $dbh->sql_istrcmp('login_name', '?'), undef, $login
);
use Bugzilla::Error;
-use Bugzilla::Util qw(trick_taint get_text);
+use Bugzilla::Util qw(get_text);
use Module::Runtime qw(require_module);
###############################
my $self = shift;
if (grep(/^$_[0]$/, @{$self->legal_values()})) {
- trick_taint($_[0]);
+ # do nothing
}
else {
ThrowCodeError('setting_value_invalid',
use warnings;
use base qw(Exporter);
-@Bugzilla::Util::EXPORT = qw(trick_taint detaint_natural
+@Bugzilla::Util::EXPORT = qw(detaint_natural
detaint_signed
with_writable_database with_readonly_database
html_quote url_quote xml_quote
use List::MoreUtils qw(any none);
use POSIX qw(floor ceil);
use Scalar::Util qw(tainted blessed);
-use Taint::Util qw(untaint);
use Text::Wrap;
use Try::Tiny;
$code->();
}
-sub trick_taint {
- untaint($_[0]);
-
- return defined $_[0];
-}
-
sub detaint_natural {
my $match = $_[0] =~ /^(\d+)$/;
$_[0] = $match ? int($1) : undef;
my $ipv6 = join(':', @chunks);
- # The IP address is valid and can now be detainted.
- untaint($ipv6);
-
# Need to handle the exception of trailing :: being valid.
return "${ipv6}::" if $ip =~ /::$/;
return $ipv6;
# Crypt the password.
$crypted_password = crypt($password, $salt);
-
- # HACK: Perl has bug where returned crypted password is considered
- # tainted. See http://rt.perl.org/rt3/Public/Bug/Display.html?id=59998
- unless (tainted($password) || tainted($salt)) {
- untaint($crypted_password);
- }
}
else {
my $hasher = Digest->new($algorithm);
&& $email =~ /^$addr_spec$/
&& length($email) <= 127)
{
- # We assume these checks to suffice to consider the address untainted.
- untaint($_[0]);
return 1;
}
return 0;
use Bugzilla::Util;
# Functions for dealing with variable tainting
- trick_taint($var);
detaint_natural($var);
detaint_signed($var);
=over 4
-=item C<trick_taint($val)>
-
-Tricks perl into untainting a particular variable.
-
-Use trick_taint() when you know that there is no way that the data
-in a scalar can be tainted, but taint mode still bails on it.
-
-B<WARNING!! Using this routine on data that really could be tainted defeats
-the purpose of taint mode. It should only be used on variables that have been
-sanity checked in some way and have been determined to be OK.>
-
=item C<detaint_natural($num)>
This routine detaints a natural number. It returns a true value if the
qw(extract_flags filter filter_wants validate translate);
use Bugzilla::Bug;
use Bugzilla::BugMail;
-use Bugzilla::Util qw(trick_taint trim detaint_natural remote_ip);
+use Bugzilla::Util qw(trim detaint_natural remote_ip);
use Bugzilla::Version;
use Bugzilla::Milestone;
use Bugzilla::Status;
if (grep($_->name eq $field, @global_selects)) {
# The field is a valid one.
- trick_taint($field);
$values = get_legal_field_values($field);
}
elsif (grep($_ eq $field, PRODUCT_SPECIFIC_FIELDS)) {
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::WebService::Util qw(validate);
-use Bugzilla::Util qw(trim detaint_natural trick_taint);
+use Bugzilla::Util qw(trim detaint_natural );
use constant READ_ONLY => qw( suggest_users );
use constant PUBLIC_METHODS => qw( suggest_users );
ThrowUserError('user_access_by_match_denied') unless Bugzilla->user->id;
- trick_taint($params->{match});
my $results = Bugzilla->elastic->suggest_users($params->{match} . "");
my @users = map { {
real_name => $self->type(string => $_->{real_name}),
use Bugzilla::Hook;
use List::Util qw(first);
-use Taint::Util qw(untaint);
# Don't need auth to login
use constant LOGIN_EXEMPT => {login => 1, offer_account_by_email => 1,};
ThrowUserError('user_access_by_match_denied') unless Bugzilla->user->id;
- untaint($params->{match});
my $s = $params->{match};
trim($s);
return {users => []} if length($s) < 3;
'Scope::Guard' => '0.21',
'Sereal' => '4.004',
'Sub::Quote' => '2.005000',
- 'Taint::Util' => '0.08',
'Template' => '2.24',
'Text::CSV_XS' => '1.26',
'Throwable' => '0.200013',
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Hook;
-use Bugzilla::Util qw(trick_taint);
use Bugzilla::Token qw(issue_auth_delegation_token check_auth_delegation_token);
use Bugzilla::Mailer qw(MessageToMTA);
my $description = $cgi->param('description')
or ThrowUserError("auth_delegation_missing_description");
-trick_taint($callback);
-trick_taint($description);
-
ThrowUserError("auth_delegation_invalid_description")
unless $description =~ /^[\w\s]{3,255}$/;
my $token = $cgi->param('token');
unless ($skip_confirmation) {
ThrowUserError("auth_delegation_missing_token") unless $token;
- trick_taint($token);
unless (check_auth_delegation_token($token, $callback)) {
ThrowUserError('auth_delegation_invalid_token',
elsif ($remaction eq "forget") {
$user = Bugzilla->login(LOGIN_REQUIRED);
- # Copy the name into a variable, so that we can trick_taint it for
+ # Copy the name into a variable for
# the DB. We know it's safe, because we're using placeholders in
# the SQL, and the SQL is only a DELETE.
my $qname = $cgi->param('namedcmd');
- trick_taint($qname);
# Do not forget the saved search if it is being used in a whine
my $whines_in_use = $dbh->selectcol_arrayref(
# Weed out columns that don't actually exist to prevent the user
# from hacking their column list cookie to grab data to which they
-# should not have access. Detaint the data along the way.
-@displaycolumns = grep($columns->{$_} && trick_taint($_), @displaycolumns);
+# should not have access.
+@displaycolumns = grep { $columns->{$_} } @displaycolumns;
# Remove the "ID" column from the list because bug IDs are always displayed
# and are hard-coded into the display templates.
check_token_data($token, 'reclassify_classifications');
if (defined $cgi->param('prodlist')) {
foreach my $prod ($cgi->param("prodlist")) {
- trick_taint($prod);
$sth->execute($classification->id, $prod);
push @names, $prod;
}
check_token_data($token, 'reclassify_classifications');
if (defined $cgi->param('myprodlist')) {
foreach my $prod ($cgi->param("myprodlist")) {
- trick_taint($prod);
$sth->execute(1, $prod);
push @names, $prod;
}
sub CheckGroupRegexp {
my ($regexp) = @_;
$regexp = trim($regexp || '');
- trick_taint($regexp);
ThrowUserError("invalid_regexp") unless (eval {qr/$regexp/});
return $regexp;
}
$matchstr = '' unless defined $matchstr;
}
- # We can trick_taint because we use the value in a SELECT only,
- # using a placeholder.
- trick_taint($matchstr);
-
if ($matchtype eq 'regexp') {
$query .= $dbh->sql_regexp($expr, '?', 0, $dbh->quote($matchstr));
}
my $body = ($cgi->param("event_${eventid}_body") or '');
my $mailifnobugs = $cgi->param("event_${eventid}_mailifnobugs") ? 1 : 0;
- trick_taint($subject) if $subject;
- trick_taint($body) if $body;
-
if ( ($subject ne $events->{$eventid}->subject)
|| ($mailifnobugs != $events->{$eventid}->mail_if_no_bugs)
|| ($body ne $events->{$eventid}->body))
elsif ($mailto_type == MAILTO_GROUP) {
# The group name is used in a placeholder.
- trick_taint($mailto);
$mailto_id = Bugzilla::Group::ValidateGroupName($mailto, ($user))
|| ThrowUserError('invalid_group_name', {name => $mailto});
}
|| ($o_mailto ne $mailto)
|| ($o_mailto_type != $mailto_type))
{
-
- trick_taint($day);
- trick_taint($time);
-
# the schedule table must be locked
$sth
= $dbh->prepare("UPDATE whine_schedules "
{
detaint_natural($sort);
- trick_taint($queryname);
- trick_taint($title);
$sth
= $dbh->prepare("UPDATE whine_queries "
use Bugzilla::Error;
use Bugzilla::Group;
-use Bugzilla::Util qw(remote_ip trick_taint);
+use Bugzilla::Util qw(remote_ip);
use Email::Address;
use Socket;
sub _ip_blocking {
my ($self, $login) = @_;
my $ip = remote_ip();
- trick_taint($ip);
my $blocked
= Bugzilla->dbh->selectrow_array(
"SELECT 1 FROM antispam_ip_blocklist WHERE ip_address=?",
return if $author->comment_count < $count;
# get user's comments
- trick_taint($tag);
my $comments = Bugzilla->dbh->selectall_arrayref("
SELECT longdescs.comment_id,longdescs_tags.id
FROM longdescs
# store user-agent
if (my $ua = Bugzilla->cgi->user_agent) {
- trick_taint($ua);
Bugzilla->dbh->do(
"INSERT INTO bug_user_agent (bug_id, user_agent) VALUES (?, ?)",
undef, $bug->id, $ua);
}
check_hash_token($input->{token}, ['query_database']);
- trick_taint($query);
$vars->{executed} = 1;
# add limit if missing
use Bugzilla::Error;
use Bugzilla::Field;
use Bugzilla::FlagType;
-use Bugzilla::Util qw(trick_taint validate_date);
+use Bugzilla::Util qw(validate_date);
use JSON qw(-convert_blessed_universally);
use List::MoreUtils qw(uniq);
my $flag_name = shift @query;
@{Bugzilla::FlagType::match({name => $flag_name, is_active => 1})}
or ThrowUserError('report_invalid_parameter', {name => 'flag_name'});
- trick_taint($flag_name);
$query->{flag_name} = $flag_name;
# flag_status
use Bugzilla::Constants;
use Bugzilla::Error;
-use Bugzilla::Util qw(detaint_natural trick_taint);
+use Bugzilla::Util qw(detaint_natural);
use Bugzilla::WebService::Util qw(validate);
use Bugzilla::Field;
use Bugzilla::Extension::BugModal::Util qw(date_str_to_time);
use Bugzilla::Constants;
use Bugzilla::User::Setting;
-use Bugzilla::Util qw(trick_taint datetime_from html_quote time_ago);
+use Bugzilla::Util qw(datetime_from html_quote time_ago);
use List::MoreUtils qw(any);
use Template::Stash;
use JSON::XS qw(encode_json);
use Bugzilla::Product;
use Bugzilla::Version;
use List::MoreUtils qw(any first_value);
-use Taint::Util qw(untaint);
# these methods are much lighter than our public API calls
sub product_info {
my ($self, $params) = @_;
if (!ref $params->{product_name}) {
- untaint($params->{product_name});
}
else {
ThrowCodeError('params_required',
use Bugzilla::Extension::BzAPI::Util qw(fix_credentials filter_wants_nocache);
use Bugzilla::Error;
-use Bugzilla::Util qw(trick_taint datetime_from);
+use Bugzilla::Util qw(datetime_from);
use Bugzilla::Constants;
use Bugzilla::Install::Filesystem;
use Bugzilla::WebService::Constants;
my $all_handlers = {};
foreach my $module (_resource_modules()) {
my $resource_class = "Bugzilla::Extension::BzAPI::Resources::$module";
- trick_taint($resource_class);
eval { require_module($resource_class) };
next if ($@ || !$resource_class->can('rest_handlers'));
my $handlers = $resource_class->rest_handlers;
use Bugzilla::Bug;
use Bugzilla::Error;
use Bugzilla::Token qw(issue_hash_token);
-use Bugzilla::Util qw(trick_taint diff_arrays);
+use Bugzilla::Util qw(diff_arrays);
use Bugzilla::WebService::Constants;
use Bugzilla::Extension::BzAPI::Util;
# Validate the values in the axis fields or throw an error.
!$row_field
- || ($valid_columns->{$row_field} && trick_taint($row_field))
+ || $valid_columns->{$row_field}
|| ThrowCodeError("report_axis_invalid", {fld => "x", val => $row_field});
!$col_field
- || ($valid_columns->{$col_field} && trick_taint($col_field))
+ || $valid_columns->{$col_field}
|| ThrowCodeError("report_axis_invalid", {fld => "y", val => $col_field});
!$tbl_field
- || ($valid_columns->{$tbl_field} && trick_taint($tbl_field))
+ || $valid_columns->{$tbl_field}
|| ThrowCodeError("report_axis_invalid", {fld => "z", val => $tbl_field});
my @axis_fields = grep {$_} ($row_field, $col_field, $tbl_field);
use Bugzilla::Group;
use Bugzilla::User;
use Bugzilla::User::Setting;
-use Bugzilla::Util qw(detaint_natural trim trick_taint);
+use Bugzilla::Util qw(detaint_natural trim);
our $VERSION = '2';
my ($user, $product, $prefix) = @_;
my $dbh = Bugzilla->dbh;
- trick_taint($prefix);
my $sth = $dbh->prepare("
SELECT 1
FROM component_watch
&& defined $params->{"edit_comment_checkbox_$comment_id"}
&& $params->{"edit_comment_checkbox_$comment_id"} == 'on') ? 1 : 0;
- trick_taint($new_comment);
$dbh->do(
"UPDATE longdescs SET thetext = ?, edit_count = edit_count + 1
WHERE comment_id = ?", undef, $new_comment, $comment_id
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Template;
-use Bugzilla::Util qw(trick_taint trim);
+use Bugzilla::Util qw(trim);
use Bugzilla::WebService::Util qw(validate);
use constant PUBLIC_METHODS => qw(
&& $params->{is_hidden} == 1) ? 1 : 0;
# Update the `longdescs` (comments) table
- trick_taint($new_comment);
$dbh->do(
'UPDATE longdescs SET thetext = ?, edit_count = edit_count + 1 WHERE comment_id = ?',
undef, $new_comment, $comment_id
use Bugzilla::Error;
use Bugzilla::Hook;
use Bugzilla::Token;
-use Bugzilla::Util qw(trick_taint);
use JSON;
use Storable qw(dclone);
my $id_field = $table->{id_field};
my $order_by = $table->{order_by} || $id_field;
my $group = $table->{group} || 'admin';
- trick_taint($table_name);
Bugzilla->user->in_group($group)
|| ThrowUserError('auth_failure',
$dbh->bz_start_transaction;
foreach my $row (@$data) {
- map { trick_taint($_) } @$row;
if ($row->[0] eq '-') {
# add
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Field;
-use Bugzilla::Util qw(trick_taint);
use Bugzilla::Extension::Ember::FakeBug;
# Only return changes since last_updated if provided
my $last_updated = delete $params->{last_updated};
if ($last_updated) {
- trick_taint($last_updated);
my $updated_fields = $dbh->selectcol_arrayref(
'SELECT fieldid FROM bugs_activity
# Only return changes since last_updated if provided
my $last_updated = delete $params->{last_updated};
if ($last_updated) {
- trick_taint($last_updated);
my $updated_fields = $dbh->selectcol_arrayref(
'SELECT fielddefs.name
FROM fielddefs INNER JOIN bugs_activity
use Bugzilla::Extension::FlagTypeComment::Constants;
use Bugzilla::FlagType;
-use Bugzilla::Util qw(trick_taint);
use Scalar::Util qw(blessed);
our $VERSION = '1';
}
else {
($target_type, $id) = ($type->{target_type}, $type->{id});
- trick_taint($id) if $id;
}
if ($target_type eq 'bug') {
return unless FLAGTYPE_COMMENT_BUG_FLAGS;
my $text
= $input->{"ftc_${flagtype_id}_$state"} || $input->{"ftc_new_$state"} || '';
$text =~ s/\r\n/\n/g;
- trick_taint($text);
if ($text ne '') {
if ($dbh->selectrow_array(
use Bugzilla::Extension::GitHubAuth::Client;
use Bugzilla::Error;
-use Bugzilla::Util qw(trick_taint);
use List::Util qw(first);
use URI;
use URI::QueryParam;
use Scalar::Util qw(blessed);
use Bugzilla::Constants qw(AUTH_NODATA AUTH_ERROR USAGE_MODE_BROWSER);
-use Bugzilla::Util qw(trick_taint generate_random_password);
+use Bugzilla::Util qw(generate_random_password);
use Bugzilla::Token qw(issue_short_lived_session_token set_token_extra_data);
use List::MoreUtils qw(any);
use Bugzilla::Extension::GitHubAuth::Client;
return {failure => AUTH_ERROR, error => 'github_missing_code'} unless $code;
- trick_taint($code);
-
my $client = Bugzilla::Extension::GitHubAuth::Client->new;
my ($access_token, $emails);
user_error => 'github_invalid_email',
details => {email => ''}
};
- trick_taint($email);
unless (any { $_ eq $email } @{Bugzilla->request_cache->{github_emails}}) {
return {
use Bugzilla::Constants;
use Bugzilla::Error;
-use Bugzilla::Util qw(detaint_natural trick_taint template_var datetime_from);
+use Bugzilla::Util qw(detaint_natural template_var datetime_from);
use Bugzilla::WebService::Util qw(validate);
use Bugzilla::Extension::MyDashboard::Queries
my $dbh = Bugzilla->dbh;
my $user = Bugzilla->login(LOGIN_REQUIRED);
- trick_taint($params->{changeddate_api});
- trick_taint($params->{bug_id});
-
my $last_comment_sql = "
SELECT comment_id
FROM longdescs
use Bugzilla::Extension::PhabBugz::Types qw(:types);
use List::Util qw(first);
-use Taint::Util qw(untaint);
use Try::Tiny;
use Type::Params qw( compile );
use Type::Utils;
use Bugzilla::Error;
use Bugzilla::Logging;
use Bugzilla::User;
-use Bugzilla::Util qw(detaint_natural trick_taint);
+use Bugzilla::Util qw(detaint_natural);
use Bugzilla::WebService::Constants;
use Types::Standard qw(-types slurpy);
use Type::Params qw(compile);
use base qw(Bugzilla::WebService);
use Bugzilla::Error;
-use Bugzilla::Util qw(detaint_natural trick_taint trim);
+use Bugzilla::Util qw(detaint_natural trim);
#############
# Constants #
return {products => []} if !scalar @$enterable_ids;
- trick_taint($search);
my @terms;
my @order;
use Bugzilla::Error;
use Bugzilla::Extension::Push::Util;
use Bugzilla::Token qw(check_hash_token);
-use Bugzilla::Util qw(trim detaint_natural trick_taint);
+use Bugzilla::Util qw(trim detaint_natural );
use base qw(Exporter);
our @EXPORT = qw(
# update
foreach my $option ($config->options) {
my $option_name = $option->{name};
- trick_taint($values->{$option_name});
$config->{$option_name} = $values->{$option_name};
}
$config->update();
use Bugzilla::Mailer;
use Bugzilla::Product;
use Bugzilla::User;
-use Bugzilla::Util qw(trim trick_taint);
+use Bugzilla::Util qw(trim);
use Email::MIME;
use FileHandle;
use LWP;
sub options_validate {
my ($self, $config) = @_;
my $host = $config->{ldap_host};
- trick_taint($host);
my $scheme = lc($config->{ldap_scheme});
eval {
my $ldap
my $cache = {};
my $host = $config->{ldap_host};
- trick_taint($host);
my $scheme = lc($config->{ldap_scheme});
my $ldap = Net::LDAP->new($host, scheme => $scheme, onerror => 'die') or die $!;
$ldap->bind($config->{ldap_user}, password => $config->{ldap_pass});
use Bugzilla::Logging;
use Bugzilla::Extension::Push::Util;
use Bugzilla::Constants;
-use Bugzilla::Util qw(trick_taint);
use File::Basename;
use Try::Tiny;
foreach my $name (@{$self->{names}}) {
next if exists $self->{objects}->{$name};
my $file = $self->{path} . "/$name.pm";
- trick_taint($file);
require $file;
my $package = "Bugzilla::Extension::Push::Connector::$name";
use base qw(Bugzilla::Extension);
use Bugzilla::Constants;
-use Bugzilla::Util qw(trick_taint trim detaint_natural);
+use Bugzilla::Util qw(trim detaint_natural);
use Bugzilla::Token;
use Bugzilla::Error;
use List::Util qw(first);
$bug->update($timestamp);
if ($token) {
- trick_taint($token);
$dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?',
undef, ("remo_form_payment:" . $attachment->id, $token));
}
use Bugzilla::Bug;
use Bugzilla::Component;
use Bugzilla::Error;
-use Bugzilla::Util qw(detaint_natural trick_taint);
+use Bugzilla::Util qw(detaint_natural );
use Bugzilla::WebService::Util 'filter';
use constant PUBLIC_METHODS => qw(
}
if (my $type_name = $params->{type_name}) {
- trick_taint($type_name);
my $flag_types = Bugzilla::FlagType::match({name => $type_name});
$match_criteria{type_id} = [map { $_->id } @$flag_types];
}
use Bugzilla::Group;
use Bugzilla::Object;
use Bugzilla::User;
-use Bugzilla::Util qw(trim trick_taint is_7bit_clean);
+use Bugzilla::Util qw(trim is_7bit_clean);
use Bugzilla::Error;
use Bugzilla::Mailer;
use Bugzilla::Extension::SecureMail::TCT;
}
elsif ($value =~ /BEGIN CERTIFICATE/) {
- # S/MIME Keys must be in PEM format (Base64-encoded X.509)
- #
- # Crypt::SMIME seems not to like tainted values - it claims
- # they aren't scalars!
- trick_taint($value);
-
my $smime = Crypt::SMIME->new();
eval { $smime->setPublicKey([$value]); };
if ($@) {
"INSERT INTO attach_data (id, thedata)
VALUES ($att_id, ?)"
);
- trick_taint($att_data);
$sth->bind_param(1, $att_data, $dbh->BLOB_TYPE);
$sth->execute();
|| 0;
my $comment = $cgi->param("quip");
$comment || ThrowUserError("need_quip");
- trick_taint($comment); # Used in a placeholder below
$dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)",
undef, ($user->id, $comment, $approved));
# Validate the values in the axis fields or throw an error.
!$row_field
- || ($valid_columns->{$row_field} && trick_taint($row_field))
+ || $valid_columns->{$row_field}
|| ThrowCodeError("report_axis_invalid", {fld => "x", val => $row_field});
!$col_field
- || ($valid_columns->{$col_field} && trick_taint($col_field))
+ || $valid_columns->{$col_field}
|| ThrowCodeError("report_axis_invalid", {fld => "y", val => $col_field});
!$tbl_field
- || ($valid_columns->{$tbl_field} && trick_taint($tbl_field))
+ || $valid_columns->{$tbl_field}
|| ThrowCodeError("report_axis_invalid", {fld => "z", val => $tbl_field});
my @axis_fields = grep {$_} ($row_field, $col_field, $tbl_field);
$image_file = hmac_sha256_base64($image_file, $key) . '.png';
$image_file =~ s/\+/-/g;
$image_file =~ s/\//_/g;
- trick_taint($image_file);
if (!-e "$graph_dir/$image_file") {
generate_chart($dir, "$graph_dir/$image_file", $product, \@datasets);
# Filter results by exact email address of requester or requestee.
if (defined $cgi->param('requester') && $cgi->param('requester') ne "") {
my $requester = $dbh->quote($cgi->param('requester'));
- trick_taint($requester); # Quoted above
push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester));
push(@excluded_columns, 'requester') unless $do_union;
}
if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") {
if ($cgi->param('requestee') ne "-") {
my $requestee = $dbh->quote($cgi->param('requestee'));
- trick_taint($requestee); # Quoted above
push(@criteria, $dbh->sql_istrcmp('requestees.login_name', $requestee));
}
else {
if (!$has_attachment_type) { push(@excluded_columns, 'attachment') }
my $quoted_form_type = $dbh->quote($form_type);
- trick_taint($quoted_form_type); # Already SQL quoted
push(@criteria, "flagtypes.name = " . $quoted_form_type);
push(@excluded_columns, 'type');
}
grep($status eq $_, qw(? +- + - all))
|| ThrowUserError("flag_status_invalid", {status => $status});
- trick_taint($status);
return $status;
}
grep($group eq $_, qw(requester requestee category type))
|| ThrowUserError("request_queue_group_invalid", {group => $group});
- trick_taint($group);
return $group;
}
my ($id, $old_query) = @$row;
my $new_query = all_open_states($new_status, $old_query);
if ($new_query) {
- trick_taint($new_query);
$sth->execute($new_query, $id);
$replace_count++;
}
my ($series_id, $old_query) = @$row;
my $new_query = all_open_states($new_status, $old_query);
if ($new_query) {
- trick_taint($new_query);
$sth->execute($new_query, $series_id);
$replace_count++;
}
$old_id = $1;
}
else {
- trick_taint($old);
$old_id = $dbh->selectrow_array(
'SELECT userid FROM profiles
WHERE login_name = ?', undef, $old
);
}
else {
- trick_taint($new);
$new_id = $dbh->selectrow_array(
'SELECT userid FROM profiles
WHERE login_name = ?', undef, $new
use Bugzilla::Field;
use Bugzilla::Keyword;
use Bugzilla::User;
-use Bugzilla::Util qw(trick_taint trim);
+use Bugzilla::Util qw(trim);
use Getopt::Long;
use Term::ANSIColor qw(colored);
my $keyword = shift;
($whiteboard && $keyword)
|| usage("Whiteboard or keyword strings were not provided\n");
-trick_taint($whiteboard);
-trick_taint($keyword);
# User to make changes as automation@bmo.tld
my $auto_user = Bugzilla::User->check({name => 'automation@bmo.tld'});
use Bugzilla::Constants;
use Bugzilla::User;
use Bugzilla::Field;
-use Bugzilla::Util qw(trick_taint);
use Getopt::Long;
my $who = Bugzilla::User->new({name => 'nobody@mozilla.org'});
my $field = Bugzilla::Field->new({name => $field_name});
-trick_taint($product);
my $product_id = $dbh->selectrow_array("SELECT id FROM products WHERE name = ?",
undef, $product);
$product_id or die "Can't find product ID for '$product'.\n";
my $component_id;
my $default_user_id;
if ($component) {
- trick_taint($component);
my $colname
= $field->name eq 'qa_contact' ? 'initialqacontact' : 'initialowner';
($component_id, $default_user_id)
# $webdot directory. Since we're deleting the file (not following
# symlinks), this can't escape to delete anything it shouldn't
# (unless someone moves the location of $webdotdir, of course)
- trick_taint($f);
my $mtime = file_mod_time($f);
if ($mtime && $mtime < $since) {
unlink $f;
my @date_values;
if ($start_date) {
- # we've checked, trick_taint is fine
- trick_taint($start_date);
$date_bits = " AND longdescs.bug_when > ?";
push @date_values, $start_date;
}
if ($token) {
Bugzilla::Token::CleanTokenTable();
- # It's safe to detaint the token as it's used in a placeholder.
- trick_taint($token);
-
# Make sure the token exists in the database.
my ($db_token, $tokentype) = $dbh->selectrow_array(
'SELECT token, tokentype FROM tokens
# allowed to.
next unless grep($_ eq $group_id, @{$user->queryshare_groups});
- # $group_id is now definitely a valid ID of a group the
- # user can share queries with, so we can trick_taint.
detaint_natural($group_id);
if ($q->shared_with_group) {
$sth_update_ngm->execute($group_id, $q->id);
|| ThrowTemplateError($template->error());
}
elsif ($provider =~ /^[a-z]+$/) {
- trick_taint($provider);
$template->process("mfa/$provider/enroll.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
}
my $current_tab_name = $cgi->param('tab') || "account";
-# The SWITCH below makes sure that this is valid
-trick_taint($current_tab_name);
-
$vars->{'current_tab_name'} = $current_tab_name;
my $token = $cgi->param('token');
projects / thirdparty / bugzilla.git / commitdiff
