use warnings;
use Bugzilla::Error;
+use Bugzilla::Util qw(trick_taint);
use Scalar::Util qw(blessed);
use URI::Escape;
use Encode;
$key = $self->_encode_key($key)
or return;
- return $self->{memcached}->get($key);
+ my $value = $self->{memcached}->get($key);
+ return unless defined $value;
+
+ # detaint returned values
+ # hashes and arrays are detainted just one level deep
+ if (ref($value) eq 'HASH') {
+ _detaint_hashref($value);
+ }
+ elsif (ref($value) eq 'ARRAY') {
+ foreach my $value (@$value) {
+ next unless defined $value;
+ # arrays of hashes and arrays are common
+ if (ref($value) eq 'HASH') {
+ _detaint_hashref($value);
+ }
+ elsif (ref($value) eq 'ARRAY') {
+ _detaint_arrayref($value);
+ }
+ elsif (!ref($value)) {
+ trick_taint($value);
+ }
+ }
+ }
+ elsif (!ref($value)) {
+ trick_taint($value);
+ }
+ return $value;
+}
+
+sub _detaint_hashref {
+ my ($hashref) = @_;
+ foreach my $value (values %$hashref) {
+ if (defined($value) && !ref($value)) {
+ trick_taint($value);
+ }
+ }
+}
+
+sub _detaint_arrayref {
+ my ($arrayref) = @_;
+ foreach my $value (@$arrayref) {
+ if (defined($value) && !ref($value)) {
+ trick_taint($value);
+ }
+ }
}
sub _delete {
--- /dev/null
+use Cache::Memcached::Fast;
+use Devel::Peek;
+
+my $mc = Cache::Memcached::Fast->new( { servers => ['127.0.0.1:11211'] });
+
+my $v=[$ENV{PATH}];
+
+Dump($v->[0]);
+
+$mc->set("taint", $v);
+
+Dump($v->[0]);
+
+Dump($mc->get("taint")->[0]);
projects / thirdparty / bugzilla.git / commitdiff
