use File::Basename;
use POSIX qw(setlocale LC_CTYPE);
use Safe;
+use Scalar::Util qw(tainted);
use base qw(Exporter);
our @EXPORT_OK = qw(
foreach my $key (@replace_keys) {
my $replacement = $vars->{$key};
die "'$key' in '$string_id' is tainted: '$replacement'"
- if is_tainted($replacement);
+ if tainted($replacement);
# We don't want people to start getting clever and inserting
# ##variable## into their values. So we check if any other
# key is listed in the *replacement* string, before doing
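Review bot: The new `tainted($replacement)` guard matches the removed helper only because it is handed a single scalar. `Scalar::Util::tainted` inspects one scalar, whereas the old `is_tainted` joined its whole argument list, so a call converted mechanically with an array or list argument would be evaluated in scalar context and never report taint. A comment above the check would help the next reader: `# tainted() only returns true when perl runs with -T; without taint mode this guard never fires.` Separately, the `die` message on the context line interpolates the rejected value verbatim; if this error can reach a browser or a shared log, consider dropping `'$replacement'` from it. The enclosing loop begins and continues outside the hunk.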
return (defined($_[0]));
}
-sub is_tainted {
- return not eval { my $foo = join('',@_), kill 0; 1; };
-}
-
__END__
=head1 NAME
use strict;
use base qw(Exporter);
-@Bugzilla::Util::EXPORT = qw(is_tainted trick_taint detaint_natural
+@Bugzilla::Util::EXPORT = qw(trick_taint detaint_natural
detaint_signed
html_quote url_quote xml_quote
css_class_quote html_light_quote url_decode
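Review bot: Dropping `is_tainted` from `@Bugzilla::Util::EXPORT` removes a default-exported name, so any caller this commit did not update (an extension, a contrib script, a rarely hit error path) would break. Perl resolves a parenthesised call only when it executes, so the failure would be a runtime undefined-subroutine error rather than a compile error. Only one call site is converted in the lines visible here, so it is worth grepping the tree for `is_tainted(` before merging. If out-of-tree code has to keep working for a release, a thin wrapper such as `sub is_tainted { return tainted(join('', @_)); }` would keep the old list semantics while delegating to Scalar::Util. The export list continues outside the hunk.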
use Scalar::Util qw(tainted);
use Text::Wrap;
-# This is from the perlsec page, slightly modified to remove a warning
-# From that page:
-# This function makes use of the fact that the presence of
-# tainted data anywhere within an expression renders the
-# entire expression tainted.
-# Don't ask me how it works...
-sub is_tainted {
- return not eval { my $foo = join('',@_), kill 0; 1; };
-}
-
sub trick_taint {
require Carp;
Carp::confess("Undef to trick_taint") unless defined $_[0];
use Bugzilla::Util;
# Functions for dealing with variable tainting
- $rv = is_tainted($var);
trick_taint($var);
detaint_natural($var);
detaint_signed($var);
=over 4
-=item C<is_tainted>
-
-Determines whether a particular variable is tainted
-
=item C<trick_taint($val)>
Tricks perl into untainting a particular variable.