use warnings;
use Bugzilla::Error;
-use Bugzilla::Util qw(trick_taint);
use Scalar::Util qw(blessed);
+use Bugzilla::Util qw(trick_taint);
use URI::Escape;
use Encode;
use Sys::Syslog qw(:DEFAULT);
sub _encode_key {
my ($self, $key) = @_;
$key = $self->_global_prefix . '.' . uri_escape_utf8($key);
+ trick_taint($key) if defined $key;
return length($self->{namespace} . $key) > MAX_KEY_LENGTH
? undef
: $key;
$key = $self->_encode_key($key)
or return;
- my $value = $self->{memcached}->get($key);
- return unless defined $value;
-
- # detaint returned values
- # hashes and arrays are detainted just one level deep
- if (ref($value) eq 'HASH') {
- _detaint_hashref($value);
- }
- elsif (ref($value) eq 'ARRAY') {
- foreach my $value (@$value) {
- next unless defined $value;
- # arrays of hashes and arrays are common
- if (ref($value) eq 'HASH') {
- _detaint_hashref($value);
- }
- elsif (ref($value) eq 'ARRAY') {
- _detaint_arrayref($value);
- }
- elsif (!ref($value)) {
- trick_taint($value);
- }
- }
- }
- elsif (!ref($value)) {
- trick_taint($value);
- }
- return $value;
-}
-
-sub _detaint_hashref {
- my ($hashref) = @_;
- foreach my $value (values %$hashref) {
- if (defined($value) && !ref($value)) {
- trick_taint($value);
- }
- }
-}
-
-sub _detaint_arrayref {
- my ($arrayref) = @_;
- foreach my $value (@$arrayref) {
- if (defined($value) && !ref($value)) {
- trick_taint($value);
- }
- }
+ return $self->{memcached}->get($key);
}
sub _delete {
projects / thirdparty / bugzilla.git / commitdiff
