From: Dylan William Hardison Date: Mon, 4 Mar 2019 20:25:04 +0000 (-0500) Subject: Bug 1532406 - Removed useless trick_taint() and untaint() calls X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=470728ef3ca059f590dc4222612149ad99feb98a;p=thirdparty%2Fbugzilla.git Bug 1532406 - Removed useless trick_taint() and untaint() calls --- diff --git a/Bugzilla.pm b/Bugzilla.pm index 69a7710fd..d7720b222 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -602,9 +602,6 @@ sub log_user_request { $user_id, remote_ip(), $user_agent, $request_url, $method, $bug_id, $attach_id, $action, $server ); - foreach my $param (@params) { - trick_taint($param) if defined $param; - } eval { local request_cache->{dbh}; diff --git a/Bugzilla/App/CGI.pm b/Bugzilla/App/CGI.pm index 732688c3e..aaedb3485 100644 --- a/Bugzilla/App/CGI.pm +++ b/Bugzilla/App/CGI.pm @@ -10,7 +10,6 @@ use Mojo::Base 'Mojolicious::Controller'; use CGI::Compile; use Try::Tiny; -use Taint::Util qw(untaint); use Sys::Hostname; use Sub::Quote 2.005000; use Sub::Name; @@ -52,7 +51,6 @@ sub load_one { my $package = __PACKAGE__ . "::$name", my $inner_name = "_$name"; my $content = path(bz_locations->{cgi_path}, $file)->slurp; $content = "package $package; $content"; - untaint($content); my %options = (package => $package, file => $file, line => 1, no_defer => 1,); die "Tried to load $file more than once" if $SEEN{$file}++; my $inner = quote_sub $inner_name, $content, {}, \%options; diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm index f6b65d368..1e8f92ff8 100644 --- a/Bugzilla/Attachment.pm +++ b/Bugzilla/Attachment.pm @@ -442,7 +442,6 @@ sub _check_content_type { { ThrowUserError("invalid_content_type", {contenttype => $content_type}); } - trick_taint($content_type); return $content_type; } 
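Review bot: Removing this loop changes no validation — trick_taint() only cleared the taint flag — but it does mean request data now reaches the DBI call inside the `eval` that continues below the hunk unmodified, which is only a no-op if no entry point still runs under `perl -T`; nothing in this chunk shows where that was decided (only the `Taint::Util` requirement is dropped from Makefile.PL, no shebang or driver change is visible). If taint mode really is off everywhere, a one-line comment at this first site would spare the next reader the archaeology, e.g. `# Taint mode is not used; SQL placeholders, not untainting, are the protection here.` log_user_request starts and ends outside the hunk.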
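Review bot: The line kept just above the removed `untaint($content)` joins two declarations with a comma — `my $package = __PACKAGE__ . "::$name", my $inner_name = "_$name";` — which only works because the comma operator happens to sequence them and reads like a typo for a semicolon; since the hunk is already being touched, split it into `my $package = __PACKAGE__ . "::$name";` and `my $inner_name = "_$name";`. The rest of load_one continues outside the hunk.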
@@ -498,7 +497,6 @@ sub _check_filename { # Truncate the filename to 100 characters, counting from the end of the # string to make sure we keep the filename extension. $filename = substr($filename, -100, 100); - trick_taint($filename); return $filename; } diff --git a/Bugzilla/Attachment/Database.pm b/Bugzilla/Attachment/Database.pm index 661ac9131..fd8f5f000 100644 --- a/Bugzilla/Attachment/Database.pm +++ b/Bugzilla/Attachment/Database.pm @@ -11,8 +11,6 @@ use 5.10.1; use strict; use warnings; -use Bugzilla::Util qw(trick_taint); - sub new { return bless({}, shift); } @@ -22,7 +20,6 @@ sub store { my $dbh = Bugzilla->dbh; my $sth = $dbh->prepare( "INSERT INTO attach_data (id, thedata) VALUES ($attach_id, ?)"); - trick_taint($data); $sth->bind_param(1, $data, $dbh->BLOB_TYPE); $sth->execute(); } diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm index 46a47f4c5..aaf19e3ba 100644 --- a/Bugzilla/Auth/Login/Cookie.pm +++ b/Bugzilla/Auth/Login/Cookie.pm @@ -51,7 +51,6 @@ sub get_login_info { @{$cgi->{'Bugzilla_cookie_list'}}; $user_id = $cookie->value if $cookie; } - trick_taint($login_cookie) if $login_cookie; $self->cookie($login_cookie); # If the call is for a web service, and an api token is provided, check @@ -89,7 +88,6 @@ sub get_login_info { # Anything goes for these params - they're just strings which # we're going to verify against the db - trick_taint($login_cookie); detaint_natural($user_id); my $db_cookie = $dbh->selectrow_array( diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm index 105c79ca2..65d74a4d2 100644 --- a/Bugzilla/Auth/Persist/Cookie.pm +++ b/Bugzilla/Auth/Persist/Cookie.pm @@ -38,7 +38,6 @@ sub persist_login { = Bugzilla::Token::GenerateUniqueToken('logincookies', 'cookie'); my $ip_addr = remote_ip(); - trick_taint($ip_addr); $dbh->do('INSERT INTO logincookies (cookie, userid, ipaddr, lastused) VALUES (?, ?, ?, NOW())', undef, $login_cookie, $user->id, $ip_addr); 
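Review bot: In the Attachment/Database.pm `store` hunk, `$attach_id` is interpolated straight into `"INSERT INTO attach_data (id, thedata) VALUES ($attach_id, ?)"` while `$data` goes through a placeholder; with the taint layer gone nothing in this hunk says anything about where `$attach_id` was validated (the `my (...) = @_` line is outside the hunk), and binding it costs nothing: `"INSERT INTO attach_data (id, thedata) VALUES (?, ?)"`, `$sth->bind_param(1, $attach_id);`, `$sth->bind_param(2, $data, $dbh->BLOB_TYPE);`. That keeps the method free of string-built SQL regardless of what callers pass.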
@@ -144,7 +143,6 @@ sub logout { # logged in and got the same cookie, we could be logging the other # user out here. Yes, this is very very very unlikely, but why take # chances? - bbaetz - map { trick_taint($_) } @login_cookies; @login_cookies = map { $dbh->quote($_) } @login_cookies; if ($type == LOGOUT_KEEP_CURRENT) { $dbh->do( diff --git a/Bugzilla/Auth/Verify.pm b/Bugzilla/Auth/Verify.pm index 20782e633..1436b37d2 100644 --- a/Bugzilla/Auth/Verify.pm +++ b/Bugzilla/Auth/Verify.pm @@ -47,7 +47,6 @@ sub create_or_update_user { my $username_user_id = login_to_id($username || ''); my $extern_user_id; if ($extern_id) { - trick_taint($extern_id); $extern_user_id = $dbh->selectrow_array( 'SELECT userid FROM profiles WHERE extern_id = ?', undef, $extern_id @@ -81,8 +80,6 @@ sub create_or_update_user { # external authentication # systems might follow different standards than ours. So in this - # place here, we call trick_taint without checks. - trick_taint($password); # XXX Theoretically this could fail with an error, but the fix for # that is too involved to be done right now. @@ -133,7 +130,6 @@ sub create_or_update_user { # $real_name is more than likely tainted, but we only use it # in a placeholder and we never use it after this. - trick_taint($real_name); $user->set_name($real_name); $user_updated = 1; } diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 102ea78e7..33ba6f6e8 100644 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -2368,7 +2368,6 @@ sub _check_tag_name { $tag = clean_text($tag); $tag || ThrowUserError('no_tag_to_edit'); ThrowUserError('tag_name_too_long') if length($tag) > MAX_LEN_QUERY_NAME; - trick_taint($tag); # Tags are all lowercase. return lc($tag); @@ -3451,7 +3450,6 @@ sub add_see_also { my $field_values = $class->run_create_validators($params); my $value = $field_values->{value}->as_string; - trick_taint($value); $field_values->{value} = $value; # We only add the new URI if it hasn't been added yet. URIs are 
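Review bot: In the second Auth/Verify.pm hunk the retained comment now ends mid-sentence — `# systems might follow different standards than ours. So in this` — because the line that completed it (`# place here, we call trick_taint without checks.`) was removed; either drop the fragment or close it, e.g. `# systems might follow different standards than ours, so it is stored as-is.`. The same orphaned taint commentary survives in the next hunk (`# $real_name is more than likely tainted, but we only use it` / `# in a placeholder and we never use it after this.`), in Bugzilla/Object.pm `run_create_validators` (`# and that means they can be set to undef.` now explains a removed `if defined`), and in buglist.cgi (`# Copy the name into a variable for` / `# the DB.`); those comments should be reworded in the same commit so they stop describing a mechanism that no longer exists. create_or_update_user starts and ends outside the hunk.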
@@ -4345,7 +4343,6 @@ sub bug_alias_to_id { my ($alias) = @_; return undef unless Bugzilla->params->{"usebugaliases"}; my $dbh = Bugzilla->dbh; - trick_taint($alias); return $dbh->selectrow_array("SELECT bug_id FROM bugs WHERE alias = ?", undef, $alias); } @@ -4445,7 +4442,6 @@ sub GetBugActivity { # Only consider changes since $starttime, if given. my $datepart = ""; if (defined $starttime) { - trick_taint($starttime); push(@args, $starttime); $datepart = "AND bug_when > ?"; } @@ -4674,8 +4670,6 @@ sub LogActivityEntry { else { $added = ""; # no more entries } - trick_taint($addstr); - trick_taint($removestr); my $fieldid = get_field_id($col); $dbh->do( "INSERT INTO bugs_activity diff --git a/Bugzilla/Comment.pm b/Bugzilla/Comment.pm index f5dcc56c2..79a133f84 100644 --- a/Bugzilla/Comment.pm +++ b/Bugzilla/Comment.pm @@ -172,7 +172,6 @@ sub update { $weighted->update(); } } - trick_taint($tag); $sth_delete->execute($self->id, $tag); $sth_activity->execute($self->bug_id, $self->id, Bugzilla->user->id, $when, '', $tag); @@ -187,7 +186,6 @@ sub update { else { Bugzilla::Comment::TagWeights->create({tag => $tag, weight => 1}); } - trick_taint($tag); $sth_insert->execute($self->id, $tag); $sth_activity->execute($self->bug_id, $self->id, Bugzilla->user->id, $when, $tag, ''); diff --git a/Bugzilla/DB.pm b/Bugzilla/DB.pm index efe91105e..dc66b8bfb 100644 --- a/Bugzilla/DB.pm +++ b/Bugzilla/DB.pm @@ -118,7 +118,6 @@ use constant INDEX_DROPS_REQUIRE_FK_DROPS => 1; sub quote { my $self = shift; my $retval = $self->dbh->quote(@_); - trick_taint($retval) if defined $retval; return $retval; } @@ -474,9 +473,6 @@ sub sql_fulltext_search { # in LIKE search clauses @words = map($self->quote("\%$_\%"), @words); - # untaint words, since they are safe to use now that we've quoted them - trick_taint($_) foreach @words; - # turn the words into a set of LIKE search clauses @words = map("LOWER($column) LIKE $_", @words); 
diff --git a/Bugzilla/DB/Mysql.pm b/Bugzilla/DB/Mysql.pm index 9af2e7c7d..948cea288 100644 --- a/Bugzilla/DB/Mysql.pm +++ b/Bugzilla/DB/Mysql.pm @@ -181,9 +181,6 @@ sub sql_fulltext_search { # quote the text for use in the MATCH AGAINST expression $text = $self->quote($text); - # untaint the text, since it's safe to use now that we've quoted it - trick_taint($text); - return "MATCH($column) AGAINST($text $mode)"; } diff --git a/Bugzilla/DB/Oracle.pm b/Bugzilla/DB/Oracle.pm index 81ca1090f..aa53b5343 100644 --- a/Bugzilla/DB/Oracle.pm +++ b/Bugzilla/DB/Oracle.pm @@ -170,7 +170,6 @@ sub sql_from_days { sub sql_fulltext_search { my ($self, $column, $text) = @_; $text = $self->quote($text); - trick_taint($text); $fulltext_label++; return "CONTAINS($column,$text,$fulltext_label) > 0", "SCORE($fulltext_label)"; } diff --git a/Bugzilla/Elastic.pm b/Bugzilla/Elastic.pm index 805094f03..e856f9d82 100644 --- a/Bugzilla/Elastic.pm +++ b/Bugzilla/Elastic.pm @@ -9,7 +9,6 @@ use 5.10.1; use Moo; use Bugzilla::Elastic::Search; -use Bugzilla::Util qw(trick_taint); with 'Bugzilla::Elastic::Role::HasClient'; diff --git a/Bugzilla/Elastic/Search.pm b/Bugzilla/Elastic/Search.pm index 032f9b03a..a5831a36f 100644 --- a/Bugzilla/Elastic/Search.pm +++ b/Bugzilla/Elastic/Search.pm @@ -10,7 +10,6 @@ use 5.10.1; use Moo; use Bugzilla::Search; use Bugzilla::Search::Quicksearch; -use Bugzilla::Util qw(trick_taint); use namespace::clean; use Bugzilla::Elastic::Search::FakeCGI; @@ -104,9 +103,7 @@ sub data { $source->{relevance} = $hit->{_score}; foreach my $val (values %$source) { next unless defined $val; - trick_taint($val); } - trick_taint($hit->{_id}); if ($source) { $hits{$hit->{_id}} = [@$source{@fields}]; } diff --git a/Bugzilla/Extension.pm b/Bugzilla/Extension.pm index 901999978..c8c340c03 100644 --- a/Bugzilla/Extension.pm +++ b/Bugzilla/Extension.pm 
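Review bot: In the Bugzilla/Elastic/Search.pm `data` hunk the loop left behind, `foreach my $val (values %$source) { next unless defined $val; }`, has no body other than the `next`, so it walks every value and does nothing; delete the three-line loop rather than leaving a statement whose only effect is to puzzle the next reader. `data` starts and ends outside the hunk.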
@@ -17,7 +17,6 @@ use Bugzilla::Install::Util qw( extension_code_files ); use File::Basename; use File::Spec; -use Taint::Util qw(untaint); BEGIN { push @INC, \&INC_HOOK } @@ -35,7 +34,6 @@ sub INC_HOOK { = Cwd::realpath(File::Spec->catpath($vol, File::Spec->catdir(@dirs), $file)); my $first = 1; - untaint($real_file); $INC{$fake_file} = $real_file; my $found = open my $fh, '<', $real_file; unless ($found) { @@ -48,7 +46,6 @@ sub INC_HOOK { if (!$first) { return 0 if eof $fh; $_ = readline $fh or return 0; - untaint($_); return 1; } else { diff --git a/Bugzilla/Field.pm b/Bugzilla/Field.pm index b0b7224dd..d94d92f4e 100644 --- a/Bugzilla/Field.pm +++ b/Bugzilla/Field.pm @@ -1466,7 +1466,6 @@ sub check_field { or !grep { $_ eq $value } @$legalsRef) { return 0 if $no_warn; # We don't want an error to be thrown; return. - trick_taint($name); my $field = new Bugzilla::Field({name => $name}); my $field_desc = $field ? $field->description : $name; @@ -1497,7 +1496,6 @@ sub get_field_id { my ($name) = @_; my $dbh = Bugzilla->dbh; - trick_taint($name); my $id = $dbh->selectrow_array( 'SELECT id FROM fielddefs WHERE name = ?', undef, $name diff --git a/Bugzilla/Flag.pm b/Bugzilla/Flag.pm index 673f5ce01..1291c4ba4 100644 --- a/Bugzilla/Flag.pm +++ b/Bugzilla/Flag.pm @@ -965,7 +965,6 @@ sub extract_flags_from_cgi { }); my $status = $cgi->param("flag_type-$type_id"); - trick_taint($status); my @logins = $cgi->param("requestee_type-$type_id"); if ($status eq "?" && scalar(@logins)) { diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm index 06159be5d..7acc860ff 100644 --- a/Bugzilla/FlagType.pm +++ b/Bugzilla/FlagType.pm @@ -345,7 +345,6 @@ sub _check_group { my ($invocant, $group) = @_; return unless $group; - trick_taint($group); $group = Bugzilla::Group->check($group); return $group->id; } 
@@ -682,7 +681,6 @@ sub sqlify_criteria { if ($criteria->{name}) { my $name = $dbh->quote($criteria->{name}); - trick_taint($name); # Detaint data as we have quoted it. push(@criteria, "flagtypes.name = $name"); } if ($criteria->{target_type}) { diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm index 02c51ec98..ca4868443 100644 --- a/Bugzilla/Install/Localconfig.pm +++ b/Bugzilla/Install/Localconfig.pm @@ -31,7 +31,6 @@ use List::Util qw(first); use Tie::Hash::NamedCapture; use Safe; use Term::ANSIColor; -use Taint::Util qw(untaint); use Sys::Hostname qw(hostname); use parent qw(Exporter); @@ -124,17 +123,14 @@ sub _read_localconfig_from_env { foreach my $override (PARAM_OVERRIDE) { my $o_key = ENV_PREFIX . $override; $localconfig{param_override}{$override} = $ENV{$o_key}; - untaint($localconfig{param_override}{$override}); } } elsif (exists $ENV{$key}) { $localconfig{$name} = $ENV{$key}; - untaint($localconfig{$name}); } else { my $default = $var->{default}; $localconfig{$name} = ref($default) eq 'CODE' ? $default->() : $default; - untaint($localconfig{$name}); } } diff --git a/Bugzilla/Install/Util.pm b/Bugzilla/Install/Util.pm index a5522e134..6fd3a226a 100644 --- a/Bugzilla/Install/Util.pm +++ b/Bugzilla/Install/Util.pm @@ -137,7 +137,6 @@ sub extension_code_files { # We know that these paths are safe, because they came from # extensionsdir and we checked them specifically for their format. # Also, the only thing we ever do with them is pass them to "require". - trick_taint($_) foreach @load_files; push(@files, \@load_files); } @@ -308,7 +307,6 @@ sub _template_lang_directories { foreach my $dir (@add) { my $full_dir = "$templatedir/$lang/$dir"; if (-d $full_dir) { - trick_taint($full_dir); push(@result, $full_dir); } } 
@@ -593,14 +591,6 @@ use constant _cache => {}; # Copied from Bugzilla::Util # ############################## -sub trick_taint { - require Carp; - Carp::confess("Undef to trick_taint") unless defined $_[0]; - my $match = $_[0] =~ /^(.*)$/s; - $_[0] = $match ? $1 : undef; - return (defined($_[0])); -} - sub trim { my ($str) = @_; if ($str) { diff --git a/Bugzilla/Logging.pm b/Bugzilla/Logging.pm index 22c46b31c..f506ae9be 100644 --- a/Bugzilla/Logging.pm +++ b/Bugzilla/Logging.pm @@ -15,13 +15,11 @@ use Log::Log4perl::MDC; use File::Spec::Functions qw(rel2abs catfile); use Bugzilla::Constants qw(bz_locations); use English qw(-no_match_vars $PROGRAM_NAME); -use Taint::Util qw(untaint); sub logfile { my ($class, $name) = @_; my $file = rel2abs(catfile(bz_locations->{logsdir}, $name)); - untaint($file); return $file; } diff --git a/Bugzilla/MFA.pm b/Bugzilla/MFA.pm index 4ce03817d..bd28f6221 100644 --- a/Bugzilla/MFA.pm +++ b/Bugzilla/MFA.pm @@ -14,7 +14,6 @@ use warnings; use Bugzilla::RNG qw( irand ); use Bugzilla::Token qw( issue_short_lived_session_token set_token_extra_data get_token_extra_data delete_token ); -use Bugzilla::Util qw( trick_taint ); sub new { my ($class, $user) = @_; @@ -140,7 +139,6 @@ sub generate_recovery_codes { sub property_get { my ($self, $name) = @_; - trick_taint($name); return scalar Bugzilla->dbh->selectrow_array( "SELECT value FROM profile_mfa WHERE user_id = ? AND name = ?", @@ -149,8 +147,6 @@ sub property_get { sub property_set { my ($self, $name, $value) = @_; - trick_taint($name); - trick_taint($value); Bugzilla->dbh->do( "INSERT INTO profile_mfa (user_id, name, value) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE value = ?", undef, $self->{user}->id, $name, $value, $value @@ -159,7 +155,6 @@ sub property_set { sub property_delete { my ($self, $name) = @_; - trick_taint($name); Bugzilla->dbh->do("DELETE FROM profile_mfa WHERE user_id = ? AND name = ?", undef, $self->{user}->id, $name); } 
diff --git a/Bugzilla/Memcached.pm b/Bugzilla/Memcached.pm index 2477f9224..b833e064f 100644 --- a/Bugzilla/Memcached.pm +++ b/Bugzilla/Memcached.pm @@ -16,7 +16,7 @@ use Log::Log4perl qw(:easy); use Bugzilla::Error; use Scalar::Util qw(blessed); use List::Util qw(sum); -use Bugzilla::Util qw(trick_taint trim); +use Bugzilla::Util qw(trim); use URI::Escape; use Encode; use Sys::Syslog qw(:DEFAULT); @@ -346,7 +346,6 @@ sub _bloomfilter_prefix { sub _encode_key { my ($self, $key) = @_; $key = $self->_global_prefix . '.' . uri_escape_utf8($key); - trick_taint($key) if defined $key; return length($self->{namespace} . $key) > MAX_KEY_LENGTH ? undef : $key; } diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm index 11a6a5895..bd108495a 100644 --- a/Bugzilla/Object.pm +++ b/Bugzilla/Object.pm @@ -161,7 +161,6 @@ sub _load_from_db { push(@values, @{$param->{'values'}}); } - map { trick_taint($_) } @values; $object_data = $dbh->selectrow_hashref("SELECT $columns FROM $table WHERE $condition", undef, @values); @@ -425,7 +424,6 @@ sub _do_list_select { # for the caller. So we copy the array. It's safe to untaint because # they're only used in placeholders here. my @untainted = @{$values || []}; - trick_taint($_) foreach @untainted; $objects = $dbh->selectall_arrayref($sql, {Slice => {}}, @untainted); $class->_serialisation_keys($objects->[0]) if @$objects; } @@ -474,7 +472,6 @@ sub set { if (exists $validators{$field}) { my $validator = $validators{$field}; $value = $self->$validator($value, $field); - trick_taint($value) if (defined $value && !ref($value)); if ($self->can('_set_global_validator')) { $self->_set_global_validator($value, $field); @@ -552,7 +549,6 @@ sub update { next; } - trick_taint($new) if defined $new; push(@values, $new); push(@update_columns, $column); 
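Review bot: In the Bugzilla/Object.pm `_do_list_select` hunk the `my @untainted = @{$values || []};` copy now exists for no visible reason — the comment above it (`So we copy the array. It's safe to untaint because` / `they're only used in placeholders here.`) explained that the in-place trick_taint must not touch the caller's array, and that call is gone; pass the values directly, `$objects = $dbh->selectall_arrayref($sql, {Slice => {}}, @{$values || []});`, and trim the comment to the part about the caller's array not being modified. The start of that comment and the rest of `_do_list_select` lie outside the hunk.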
@@ -731,7 +727,6 @@ sub run_create_validators { # We want people to be able to explicitly set fields to NULL, # and that means they can be set to undef. - trick_taint($value) if defined $value && !ref($value); $field_values{$field} = $value; } diff --git a/Bugzilla/PatchReader/AddCVSContext.pm b/Bugzilla/PatchReader/AddCVSContext.pm index 094ef6ed8..418ad6f41 100644 --- a/Bugzilla/PatchReader/AddCVSContext.pm +++ b/Bugzilla/PatchReader/AddCVSContext.pm @@ -34,11 +34,9 @@ sub my_rmtree { $this->my_rmtree($file); } else { - trick_taint($file); unlink $file; } } - trick_taint($dir); rmdir $dir; } @@ -215,7 +213,6 @@ sub push_context_lines { open(my $fh, '<', $this->{FILENAME}) or die "Could not open $this->{FILENAME}"; $this->{FILE} = $fh; $this->{NEXT_FILE_LINE} = 1; - trick_taint($olddir); # $olddir comes from getcwd() chdir($olddir) or die "Could not cd back to $olddir"; } @@ -240,10 +237,5 @@ sub push_context_lines { $this->{SECTION_END} = $i - 1; } -sub trick_taint { - $_[0] =~ /^(.*)$/s; - $_[0] = $1; - return (defined($_[0])); -} 1; diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm index 1dd5b72fb..dabe52efd 100644 --- a/Bugzilla/Search.pm +++ b/Bugzilla/Search.pm @@ -1884,7 +1884,6 @@ sub _handle_chart { $self->_chart_fields->{$field} or ThrowCodeError("invalid_field_name", {field => $field}); - trick_taint($field); # This is the field as you'd reference it in a SQL statement. my $full_field = $field =~ /\./ ? $field : "bugs.$field"; @@ -2091,7 +2090,6 @@ sub _quote_unless_numeric { my $is_numeric = $numeric_operator && $numeric_field && $numeric_value; if ($is_numeric) { my $quoted = $value; - trick_taint($quoted); return $quoted; } return Bugzilla->dbh->quote($value); diff --git a/Bugzilla/Search/Clause.pm b/Bugzilla/Search/Clause.pm index b0eaddeb0..35507c2ec 100644 --- a/Bugzilla/Search/Clause.pm +++ b/Bugzilla/Search/Clause.pm 
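Review bot: In the Bugzilla/Search.pm `_quote_unless_numeric` hunk the numeric branch is now a pointless copy, `my $quoted = $value; return $quoted;` — the temporary only existed so trick_taint could modify it; collapse the tail of the sub to `return $is_numeric ? $value : Bugzilla->dbh->quote($value);`. The sub's head is outside the hunk.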
@@ -13,7 +13,6 @@ use warnings; use Bugzilla::Error; use Bugzilla::Search::Condition qw(condition); -use Bugzilla::Util qw(trick_taint); sub new { my ($class, $joiner) = @_; @@ -21,8 +20,6 @@ sub new { ThrowCodeError('search_invalid_joiner', {joiner => $joiner}); } - # This will go into SQL directly so needs to be untainted. - trick_taint($joiner) if $joiner; bless {joiner => $joiner || 'AND'}, $class; } diff --git a/Bugzilla/Search/ClauseGroup.pm b/Bugzilla/Search/ClauseGroup.pm index 5c063a803..f7f7b338b 100644 --- a/Bugzilla/Search/ClauseGroup.pm +++ b/Bugzilla/Search/ClauseGroup.pm @@ -15,7 +15,6 @@ use base qw(Bugzilla::Search::Clause); use Bugzilla::Error; use Bugzilla::Search::Condition qw(condition); -use Bugzilla::Util qw(trick_taint); use List::MoreUtils qw(uniq); use constant UNSUPPORTED_FIELDS => qw( diff --git a/Bugzilla/Series.pm b/Bugzilla/Series.pm index d89c2959a..7412e1516 100644 --- a/Bugzilla/Series.pm +++ b/Bugzilla/Series.pm @@ -159,7 +159,6 @@ sub initFromCGI { "subcategory", "name", "frequency", "public", "query_format" ); - trick_taint($self->{'query'}); $self->{'public'} = $cgi->param('public') ? 1 : 0; @@ -239,7 +238,6 @@ sub existsInDatabase { my $category_id = getCategoryID($self->{'category'}); my $subcategory_id = getCategoryID($self->{'subcategory'}); - trick_taint($self->{'name'}); my $series_id = $dbh->selectrow_array("SELECT series_id " . "FROM series WHERE category = $category_id " @@ -258,9 +256,6 @@ sub getCategoryID { # This seems for the best idiom for "Do A. Then maybe do B and A again." while (1) { - # We are quoting this to put it in the DB, so we can remove taint - trick_taint($category); - $category_id = $dbh->selectrow_array("SELECT id " . "from series_categories " diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 6fbc3eeab..4db8085bf 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm 
@@ -101,8 +101,6 @@ sub get_format { # Security - allow letters and a hyphen only $ctype =~ s/[^a-zA-Z\-]//g; $format =~ s/[^a-zA-Z\-]//g; - trick_taint($ctype); - trick_taint($format); $template .= ($format ? "-$format" : ""); $template .= ".$ctype.tmpl"; diff --git a/Bugzilla/Template/PreloadProvider.pm b/Bugzilla/Template/PreloadProvider.pm index 6d963f31f..014173bc0 100644 --- a/Bugzilla/Template/PreloadProvider.pm +++ b/Bugzilla/Template/PreloadProvider.pm @@ -21,8 +21,6 @@ use Template::Constants qw( STATUS_ERROR ); use Template::Document; use Template::Config; -use Bugzilla::Util qw(trick_taint); - sub _init { my $self = shift; $self->SUPER::_init(@_); @@ -41,7 +39,6 @@ sub _init { unless ($search->{$key}) { $search->{$key} = $name; } - trick_taint($name); my $data = { path => $name, name => $key, @@ -52,7 +49,6 @@ sub _init { }, time => (stat($name))[9], }; - trick_taint($data->{text}) if $data->{text}; $cache->{$name} = $self->_bz_compile($data) or die "compile error: $name"; } }; diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 3398e236a..7c9137085 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -370,7 +370,6 @@ sub Cancel { $vars ||= {}; # Get information about the token being canceled. - trick_taint($token); my ($db_token, $issuedate, $tokentype, $eventdata, $userid) = $dbh->selectrow_array( 'SELECT token, ' @@ -451,7 +450,6 @@ sub GetTokenData { return unless defined $token; $token = clean_text($token); - trick_taint($token); my @token_data = $dbh->selectrow_array( "SELECT token, userid, " @@ -475,7 +473,6 @@ sub delete_token { my $dbh = Bugzilla->dbh; return unless defined $token; - trick_taint($token); $dbh->do("DELETE FROM tokens WHERE token = ?", undef, $token); } @@ -543,7 +540,6 @@ sub set_token_extra_data { sub get_token_extra_data { my ($token) = @_; - trick_taint($token); my ($data) = Bugzilla->dbh->selectrow_array( "SELECT extra_data FROM token_data WHERE token = ?", 
@@ -565,8 +561,6 @@ sub _create_token { my $dbh = Bugzilla->dbh; detaint_natural($userid) if defined $userid; - trick_taint($tokentype); - trick_taint($eventdata); my $is_shadow = Bugzilla->is_shadow_db; $dbh = Bugzilla->switch_to_main_db() if $is_shadow; diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 6b986d744..bf5211f11 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -2091,7 +2091,6 @@ sub match { if ($wildstr =~ s/\*/\%/g && $user->id) { # Build the query. - trick_taint($wildstr); my $query = "SELECT DISTINCT userid FROM profiles "; if (Bugzilla->params->{'usevisibilitygroups'}) { $query .= "INNER JOIN user_group_map @@ -2117,7 +2116,6 @@ sub match { } else { # try an exact match # Exact matches don't care if a user is disabled. - trick_taint($str); my $user_id = $dbh->selectrow_array( 'SELECT userid FROM profiles WHERE ' @@ -2129,7 +2127,6 @@ sub match { # then try substring search if (!scalar(@users) && length($str) >= 3 && $user->id) { - trick_taint($str); my $query = "SELECT DISTINCT userid FROM profiles "; if (Bugzilla->params->{'usevisibilitygroups'}) { @@ -2720,7 +2717,6 @@ sub account_is_locked_out { sub note_login_failure { my $self = shift; my $ip_addr = remote_ip(); - trick_taint($ip_addr); Bugzilla->dbh->do( "INSERT INTO login_failure (user_id, ip_addr, login_time) VALUES (?, ?, LOCALTIMESTAMP(0))", undef, $self->id, $ip_addr @@ -2731,7 +2727,6 @@ sub note_login_failure { sub clear_login_failures { my $self = shift; my $ip_addr = remote_ip(); - trick_taint($ip_addr); Bugzilla->dbh->do('DELETE FROM login_failure WHERE user_id = ? AND ip_addr = ?', undef, $self->id, $ip_addr); delete $self->{account_ip_login_failures}; 
@@ -2743,7 +2738,6 @@ sub account_ip_login_failures { my $time = $dbh->sql_date_math('LOCALTIMESTAMP(0)', '-', LOGIN_LOCKOUT_INTERVAL, 'MINUTE'); my $ip_addr = remote_ip(); - trick_taint($ip_addr); $self->{account_ip_login_failures} ||= Bugzilla->dbh->selectall_arrayref( "SELECT login_time, ip_addr, user_id FROM login_failure WHERE user_id = ? AND login_time > $time @@ -2766,9 +2760,6 @@ sub is_available_username { my $dbh = Bugzilla->dbh; - # $username is safe because it is only used in SELECT placeholders. - trick_taint($username); - # Reject if the new login is part of an email change which is # still in progress # @@ -2846,9 +2837,6 @@ sub login_to_id { $user_id = $cache->{$login}; } else { - # No need to validate $login -- it will be used by the following SELECT - # statement only, so it's safe to simply trick_taint. - trick_taint($login); $user_id = $dbh->selectrow_array( "SELECT userid FROM profiles WHERE " . $dbh->sql_istrcmp('login_name', '?'), undef, $login diff --git a/Bugzilla/User/Setting.pm b/Bugzilla/User/Setting.pm index e08f3bd8c..ff94f9868 100644 --- a/Bugzilla/User/Setting.pm +++ b/Bugzilla/User/Setting.pm @@ -23,7 +23,7 @@ use base qw(Exporter); ); use Bugzilla::Error; -use Bugzilla::Util qw(trick_taint get_text); +use Bugzilla::Util qw(get_text); use Module::Runtime qw(require_module); ############################### @@ -286,7 +286,7 @@ sub validate_value { my $self = shift; if (grep(/^$_[0]$/, @{$self->legal_values()})) { - trick_taint($_[0]); + # do nothing } else { ThrowCodeError('setting_value_invalid', diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 252f91822..128642f0b 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -12,7 +12,7 @@ use strict; use warnings; use base qw(Exporter); -@Bugzilla::Util::EXPORT = qw(trick_taint detaint_natural +@Bugzilla::Util::EXPORT = qw(detaint_natural detaint_signed with_writable_database with_readonly_database html_quote url_quote xml_quote 
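Review bot: In the Bugzilla/User/Setting.pm `validate_value` hunk the new `+ # do nothing` leaves an empty `if` branch whose sole purpose is to reach the `else`; invert the test instead, `unless (grep { $_ eq $_[0] } @{ $self->legal_values() }) { ThrowCodeError('setting_value_invalid', ...) }` (the error arguments continue outside the hunk). Using `eq` rather than the retained `grep(/^$_[0]$/, ...)` also stops regex metacharacters in a submitted value from matching a legal value they are not equal to, and `$` no longer admits a trailing newline; if the regex form must stay, `\Q$_[0]\E` with `\A`/`\z` gives the same effect. validate_value's head and tail are outside the hunk.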
@@ -45,7 +45,6 @@ use English qw(-no_match_vars $EGID); use List::MoreUtils qw(any none); use POSIX qw(floor ceil); use Scalar::Util qw(tainted blessed); -use Taint::Util qw(untaint); use Text::Wrap; use Try::Tiny; @@ -75,12 +74,6 @@ sub with_readonly_database(&) { $code->(); } -sub trick_taint { - untaint($_[0]); - - return defined $_[0]; -} - sub detaint_natural { my $match = $_[0] =~ /^(\d+)$/; $_[0] = $match ? int($1) : undef; @@ -424,9 +417,6 @@ sub is_ipv6 { my $ipv6 = join(':', @chunks); - # The IP address is valid and can now be detainted. - untaint($ipv6); - # Need to handle the exception of trailing :: being valid. return "${ipv6}::" if $ip =~ /::$/; return $ipv6; @@ -722,12 +712,6 @@ sub bz_crypt { # Crypt the password. $crypted_password = crypt($password, $salt); - - # HACK: Perl has bug where returned crypted password is considered - # tainted. See http://rt.perl.org/rt3/Public/Bug/Display.html?id=59998 - unless (tainted($password) || tainted($salt)) { - untaint($crypted_password); - } } else { my $hasher = Digest->new($algorithm); @@ -771,8 +755,6 @@ sub validate_email_syntax { && $email =~ /^$addr_spec$/ && length($email) <= 127) { - # We assume these checks to suffice to consider the address untainted. - untaint($_[0]); return 1; } return 0; @@ -993,7 +975,6 @@ Bugzilla::Util - Generic utility functions for bugzilla use Bugzilla::Util; # Functions for dealing with variable tainting - trick_taint($var); detaint_natural($var); detaint_signed($var); @@ -1056,17 +1037,6 @@ with care> to avoid security holes. =over 4 -=item C - -Tricks perl into untainting a particular variable. - -Use trick_taint() when you know that there is no way that the data -in a scalar can be tainted, but taint mode still bails on it. - -B - =item C This routine detaints a natural number. It returns a true value if the diff --git a/Bugzilla/WebService/Bug.pm b/Bugzilla/WebService/Bug.pm index 9f00675f1..78c4ddc42 100644 --- a/Bugzilla/WebService/Bug.pm 
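Review bot: The only use of `tainted` visible anywhere in this diff is the bz_crypt block removed later in the same file (`unless (tainted($password) || tainted($salt))`), so the retained `use Scalar::Util qw(tainted blessed);` in this hunk presumably now imports a name nothing uses; if no other caller remains in Bugzilla/Util.pm, reduce it to `use Scalar::Util qw(blessed);` so the file stops advertising taint handling it no longer does. The `detaint_natural`/`detaint_signed` POD intro (`# Functions for dealing with variable tainting`) is left in place by the later hunk and still reads correctly.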
+++ b/Bugzilla/WebService/Bug.pm @@ -23,7 +23,7 @@ use Bugzilla::WebService::Util qw(extract_flags filter filter_wants validate translate); use Bugzilla::Bug; use Bugzilla::BugMail; -use Bugzilla::Util qw(trick_taint trim detaint_natural remote_ip); +use Bugzilla::Util qw(trim detaint_natural remote_ip); use Bugzilla::Version; use Bugzilla::Milestone; use Bugzilla::Status; @@ -898,7 +898,6 @@ sub legal_values { if (grep($_->name eq $field, @global_selects)) { # The field is a valid one. - trick_taint($field); $values = get_legal_field_values($field); } elsif (grep($_ eq $field, PRODUCT_SPECIFIC_FIELDS)) { diff --git a/Bugzilla/WebService/Elastic.pm b/Bugzilla/WebService/Elastic.pm index 373f6db58..b4bb1e2ae 100644 --- a/Bugzilla/WebService/Elastic.pm +++ b/Bugzilla/WebService/Elastic.pm @@ -28,7 +28,7 @@ use Bugzilla; use Bugzilla::Constants; use Bugzilla::Error; use Bugzilla::WebService::Util qw(validate); -use Bugzilla::Util qw(trim detaint_natural trick_taint); +use Bugzilla::Util qw(trim detaint_natural ); use constant READ_ONLY => qw( suggest_users ); use constant PUBLIC_METHODS => qw( suggest_users ); @@ -44,7 +44,6 @@ sub suggest_users { ThrowUserError('user_access_by_match_denied') unless Bugzilla->user->id; - trick_taint($params->{match}); my $results = Bugzilla->elastic->suggest_users($params->{match} . ""); my @users = map { { real_name => $self->type(string => $_->{real_name}), diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index 5f60c9fc1..4fbdb125c 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -24,7 +24,6 @@ use Bugzilla::WebService::Util qw(filter filter_wants validate use Bugzilla::Hook; use List::Util qw(first); -use Taint::Util qw(untaint); # Don't need auth to login use constant LOGIN_EXEMPT => {login => 1, offer_account_by_email => 1,}; 
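Review bot: In the Bugzilla/WebService/Elastic.pm import hunk the new line is `use Bugzilla::Util qw(trim detaint_natural );` with a stray space before the closing paren, left over from deleting the last word; the sibling hunks in Memcached.pm and WebService/Bug.pm write the same edit cleanly, so match them: `use Bugzilla::Util qw(trim detaint_natural);`.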
@@ -140,7 +139,6 @@ sub suggest { ThrowUserError('user_access_by_match_denied') unless Bugzilla->user->id; - untaint($params->{match}); my $s = $params->{match}; trim($s); return {users => []} if length($s) < 3; diff --git a/Makefile.PL b/Makefile.PL index 9df452927..ad1e692c0 100755 --- a/Makefile.PL +++ b/Makefile.PL @@ -89,7 +89,6 @@ my %requires = ( 'Scope::Guard' => '0.21', 'Sereal' => '4.004', 'Sub::Quote' => '2.005000', - 'Taint::Util' => '0.08', 'Template' => '2.24', 'Text::CSV_XS' => '1.26', 'Throwable' => '0.200013', diff --git a/auth.cgi b/auth.cgi index 3fc5f50d9..1f80711d4 100755 --- a/auth.cgi +++ b/auth.cgi @@ -16,7 +16,6 @@ use Bugzilla; use Bugzilla::Constants; use Bugzilla::Error; use Bugzilla::Hook; -use Bugzilla::Util qw(trick_taint); use Bugzilla::Token qw(issue_auth_delegation_token check_auth_delegation_token); use Bugzilla::Mailer qw(MessageToMTA); @@ -39,9 +38,6 @@ my $callback = $cgi->param('callback') my $description = $cgi->param('description') or ThrowUserError("auth_delegation_missing_description"); -trick_taint($callback); -trick_taint($description); - ThrowUserError("auth_delegation_invalid_description") unless $description =~ /^[\w\s]{3,255}$/; @@ -76,7 +72,6 @@ if ($confirmed || $skip_confirmation) { my $token = $cgi->param('token'); unless ($skip_confirmation) { ThrowUserError("auth_delegation_missing_token") unless $token; - trick_taint($token); unless (check_auth_delegation_token($token, $callback)) { ThrowUserError('auth_delegation_invalid_token', diff --git a/buglist.cgi b/buglist.cgi index 660c238ed..ca8967f20 100755 --- a/buglist.cgi +++ b/buglist.cgi 
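Review bot: In the Bugzilla/WebService/User.pm `suggest` hunk the line kept right after the removed `untaint` calls `trim($s);` in void context, but trim — as the copy in Bugzilla/Install/Util.pm shows (`sub trim { my ($str) = @_; ...`) — works on a copy and returns the result, so `$s` is never trimmed and the following `return {users => []} if length($s) < 3;` measures untrimmed input; it should read `my $s = trim($params->{match});`. If Bugzilla::Util's trim differs from that copy this needs confirming, but nothing on the page suggests it modifies its argument. `suggest` starts and ends outside the hunk.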
@@ -350,11 +350,10 @@ if ($cmdtype eq "dorem") { elsif ($remaction eq "forget") { $user = Bugzilla->login(LOGIN_REQUIRED); - # Copy the name into a variable, so that we can trick_taint it for + # Copy the name into a variable for # the DB. We know it's safe, because we're using placeholders in # the SQL, and the SQL is only a DELETE. my $qname = $cgi->param('namedcmd'); - trick_taint($qname); # Do not forget the saved search if it is being used in a whine my $whines_in_use = $dbh->selectcol_arrayref( @@ -547,8 +546,8 @@ else { # Weed out columns that don't actually exist to prevent the user # from hacking their column list cookie to grab data to which they -# should not have access. Detaint the data along the way. -@displaycolumns = grep($columns->{$_} && trick_taint($_), @displaycolumns); +# should not have access. +@displaycolumns = grep { $columns->{$_} } @displaycolumns; # Remove the "ID" column from the list because bug IDs are always displayed # and are hard-coded into the display templates. diff --git a/editclassifications.cgi b/editclassifications.cgi index b48e06c4c..d1eb7ed04 100755 --- a/editclassifications.cgi +++ b/editclassifications.cgi @@ -201,7 +201,6 @@ if ($action eq 'reclassify') { check_token_data($token, 'reclassify_classifications'); if (defined $cgi->param('prodlist')) { foreach my $prod ($cgi->param("prodlist")) { - trick_taint($prod); $sth->execute($classification->id, $prod); push @names, $prod; } @@ -212,7 +211,6 @@ if ($action eq 'reclassify') { check_token_data($token, 'reclassify_classifications'); if (defined $cgi->param('myprodlist')) { foreach my $prod ($cgi->param("myprodlist")) { - trick_taint($prod); $sth->execute(1, $prod); push @names, $prod; } diff --git a/editgroups.cgi b/editgroups.cgi index 9a059add4..91bf2d9ef 100755 --- a/editgroups.cgi +++ b/editgroups.cgi 
@@ -66,7 +66,6 @@ sub CheckGroupID {
 sub CheckGroupRegexp { my ($regexp) = @_; $regexp = trim($regexp || '');
- trick_taint($regexp);
 ThrowUserError("invalid_regexp") unless (eval {qr/$regexp/}); return $regexp; }
diff --git a/editusers.cgi b/editusers.cgi
index a815a9512..278393c6f 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -151,10 +151,6 @@ elsif ($action eq 'list') {
 $matchstr = '' unless defined $matchstr; }
- # We can trick_taint because we use the value in a SELECT only,
- # using a placeholder.
- trick_taint($matchstr);
-
 if ($matchtype eq 'regexp') { $query .= $dbh->sql_regexp($expr, '?', 0, $dbh->quote($matchstr)); }
diff --git a/editwhines.cgi b/editwhines.cgi
index 0ff0d88f8..b61bfa4a2 100755
--- a/editwhines.cgi
+++ b/editwhines.cgi
@@ -127,9 +127,6 @@ if ($cgi->param('update')) {
 my $body = ($cgi->param("event_${eventid}_body") or ''); my $mailifnobugs = $cgi->param("event_${eventid}_mailifnobugs") ? 1 : 0;
- trick_taint($subject) if $subject;
- trick_taint($body) if $body;
-
 if ( ($subject ne $events->{$eventid}->subject) || ($mailifnobugs != $events->{$eventid}->mail_if_no_bugs) || ($body ne $events->{$eventid}->body))
@@ -224,7 +221,6 @@ if ($cgi->param('update')) {
 elsif ($mailto_type == MAILTO_GROUP) { # The group name is used in a placeholder.
- trick_taint($mailto);
 $mailto_id = Bugzilla::Group::ValidateGroupName($mailto, ($user)) || ThrowUserError('invalid_group_name', {name => $mailto}); }
@@ -242,10 +238,6 @@ if ($cgi->param('update')) {
 || ($o_mailto ne $mailto) || ($o_mailto_type != $mailto_type)) {
-
- trick_taint($day);
- trick_taint($time);
-
 # the schedule table must be locked $sth = $dbh->prepare("UPDATE whine_schedules "
@@ -296,8 +288,6 @@ if ($cgi->param('update')) {
 { detaint_natural($sort);
- trick_taint($queryname);
- trick_taint($title);
 $sth = $dbh->prepare("UPDATE whine_queries "
diff --git a/extensions/AntiSpam/Extension.pm b/extensions/AntiSpam/Extension.pm
index 990130c8e..bc0ff862b 100644
--- a/extensions/AntiSpam/Extension.pm
+++ b/extensions/AntiSpam/Extension.pm
@@ -15,7 +15,7 @@ use base qw(Bugzilla::Extension);
 use Bugzilla::Error;
 use Bugzilla::Group;
-use Bugzilla::Util qw(remote_ip trick_taint);
+use Bugzilla::Util qw(remote_ip);
 use Email::Address;
 use Socket;
@@ -101,7 +101,6 @@ sub _domain_blocking {
 sub _ip_blocking { my ($self, $login) = @_; my $ip = remote_ip();
- trick_taint($ip);
 my $blocked = Bugzilla->dbh->selectrow_array( "SELECT 1 FROM antispam_ip_blocklist WHERE ip_address=?",
@@ -192,7 +191,6 @@ sub comment_after_add_tag {
 return if $author->comment_count < $count; # get user's comments
- trick_taint($tag);
 my $comments = Bugzilla->dbh->selectall_arrayref(" SELECT longdescs.comment_id,longdescs_tags.id FROM longdescs
diff --git a/extensions/BMO/Extension.pm b/extensions/BMO/Extension.pm
index c5551e134..6d368deeb 100644
--- a/extensions/BMO/Extension.pm
+++ b/extensions/BMO/Extension.pm
@@ -1130,7 +1130,6 @@ sub bug_end_of_create {
 # store user-agent if (my $ua = Bugzilla->cgi->user_agent) {
- trick_taint($ua);
 Bugzilla->dbh->do( "INSERT IN
TO bug_user_agent (bug_id, user_agent) VALUES (?, ?)", undef, $bug->id, $ua);
@@ -2438,7 +2437,6 @@ sub query_database {
 } check_hash_token($input->{token}, ['query_database']);
- trick_taint($query);
 $vars->{executed} = 1; # add limit if missing
diff --git a/extensions/BMO/lib/Reports/ReleaseTracking.pm b/extensions/BMO/lib/Reports/ReleaseTracking.pm
index 5e686b59b..79f5b1623 100644
--- a/extensions/BMO/lib/Reports/ReleaseTracking.pm
+++ b/extensions/BMO/lib/Reports/ReleaseTracking.pm
@@ -15,7 +15,7 @@ use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::Field;
 use Bugzilla::FlagType;
-use Bugzilla::Util qw(trick_taint validate_date);
+use Bugzilla::Util qw(validate_date);
 use JSON qw(-convert_blessed_universally);
 use List::MoreUtils qw(uniq);
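Review bot: With `trick_taint($query)` gone, nothing in the `query_database` hunk signals that `$query` is user-supplied SQL that is then executed verbatim (the `# add limit if missing` context implies it runs); the only gate visible here is `check_hash_token($input->{token}, ['query_database'])`, and a CSRF token is not an authorization check. Confirm the group-membership test that presumably precedes this hunk is still in place, and say so next to the query, e.g. `# $query is raw SQL from the form; the in_group() check above is the only access control — keep it.` `query_database` starts and ends outside the hunk.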
@@ -340,7 +340,6 @@ sub _parse_query {
 my $flag_name = shift @query; @{Bugzilla::FlagType::match({name => $flag_name, is_active => 1})} or ThrowUserError('report_invalid_parameter', {name => 'flag_name'});
- trick_taint($flag_name);
 $query->{flag_name} = $flag_name; # flag_status
diff --git a/extensions/BMO/lib/WebService.pm b/extensions/BMO/lib/WebService.pm
index 4c9187254..00808c7d1 100644
--- a/extensions/BMO/lib/WebService.pm
+++ b/extensions/BMO/lib/WebService.pm
@@ -27,7 +27,7 @@ use base qw(Bugzilla::WebService);
 use Bugzilla::Constants;
 use Bugzilla::Error;
-use Bugzilla::Util qw(detaint_natural trick_taint);
+use Bugzilla::Util qw(detaint_natural);
 use Bugzilla::WebService::Util qw(validate);
 use Bugzilla::Field;
diff --git a/extensions/BugModal/Extension.pm b/extensions/BugModal/Extension.pm
index 21d961d7b..92240cc04 100644
--- a/extensions/BugModal/Extension.pm
+++ b/extensions/BugModal/Extension.pm
@@ -18,7 +18,7 @@ use Bugzilla::Extension::BugModal::MonkeyPatches;
 use Bugzilla::Extension::BugModal::Util qw(date_str_to_time);
 use Bugzilla::Constants;
 use Bugzilla::User::Setting;
-use Bugzilla::Util qw(trick_taint datetime_from html_quote time_ago);
+use Bugzilla::Util qw(datetime_from html_quote time_ago);
 use List::MoreUtils qw(any);
 use Template::Stash;
 use JSON::XS qw(encode_json);
diff --git a/extensions/BugModal/lib/WebService.pm b/extensions/BugModal/lib/WebService.pm
index 5f3308327..a5571ec35 100644
--- a/extensions/BugModal/lib/WebService.pm
+++ b/extensions/BugModal/lib/WebService.pm
@@ -22,7 +22,6 @@ use Bugzilla::Milestone;
 use Bugzilla::Product;
 use Bugzilla::Version;
 use List::MoreUtils qw(any first_value);
-use Taint::Util qw(untaint);
 # these methods are much lighter than our public API calls
@@ -95,7 +94,6 @@ sub initial_field_values {
 sub product_info { my ($self, $params) = @_; if (!ref $params->{product_name}) {
- untaint($params->{product_name});
 } else { ThrowCodeError('params_required',
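Review bot: Removing `untaint($params->{product_name})` leaves `if (!ref $params->{product_name}) { }` in `product_info` as an empty branch whose only job is to reach the `else`. Invert the condition so the error path is the body: `if (ref $params->{product_name}) {` followed by the existing `ThrowCodeError('params_required', …)` call, and delete the empty block and its `else`. The remainder of `product_info` lies outside the hunk.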
diff --git a/extensions/BzAPI/Extension.pm b/extensions/BzAPI/Extension.pm
index e76c1bdf8..e4689596c 100644
--- a/extensions/BzAPI/Extension.pm
+++ b/extensions/BzAPI/Extension.pm
@@ -17,7 +17,7 @@ use Bugzilla::Extension::BzAPI::Constants;
 use Bugzilla::Extension::BzAPI::Util qw(fix_credentials filter_wants_nocache);
 use Bugzilla::Error;
-use Bugzilla::Util qw(trick_taint datetime_from);
+use Bugzilla::Util qw(datetime_from);
 use Bugzilla::Constants;
 use Bugzilla::Install::Filesystem;
 use Bugzilla::WebService::Constants;
@@ -269,7 +269,6 @@ sub _preload_handlers {
 my $all_handlers = {}; foreach my $module (_resource_modules()) { my $resource_class = "Bugzilla::Extension::BzAPI::Resources::$module";
- trick_taint($resource_class);
 eval { require_module($resource_class) }; next if ($@ || !$resource_class->can('rest_handlers')); my $handlers = $resource_class->rest_handlers;
diff --git a/extensions/BzAPI/lib/Resources/Bug.pm b/extensions/BzAPI/lib/Resources/Bug.pm
index ee76ddbcd..8c5881874 100644
--- a/extensions/BzAPI/lib/Resources/Bug.pm
+++ b/extensions/BzAPI/lib/Resources/Bug.pm
@@ -14,7 +14,7 @@ use warnings;
 use Bugzilla::Bug;
 use Bugzilla::Error;
 use Bugzilla::Token qw(issue_hash_token);
-use Bugzilla::Util qw(trick_taint diff_arrays);
+use Bugzilla::Util qw(diff_arrays);
 use Bugzilla::WebService::Constants;
 use Bugzilla::Extension::BzAPI::Util;
@@ -145,13 +145,13 @@ sub get_bug_count_resource {
 # Validate the values in the axis fields or throw an error. !$row_field
- || ($valid_columns->{$row_field} && trick_taint($row_field))
+ || $valid_columns->{$row_field}
 || ThrowCodeError("report_axis_invalid", {fld => "x", val => $row_field}); !$col_field
- || ($valid_columns->{$col_field} && trick_taint($col_field))
+ || $valid_columns->{$col_field}
 || ThrowCodeError("report_axis_invalid", {fld => "y", val => $col_field}); !$tbl_field
- || ($valid_columns->{$tbl_field} && trick_taint($tbl_field))
+ || $valid_columns->{$tbl_field}
 || ThrowCodeError("report_axis_invalid", {fld => "z", val => $tbl_field}); my @axis_fields = grep {$_} ($row_field, $col_field, $tbl_field);
diff --git a/extensions/ComponentWatching/Extension.pm b/extensions/ComponentWatching/Extension.pm
index 7065318ba..c1051111c 100644
--- a/extensions/ComponentWatching/Extension.pm
+++ b/extensions/ComponentWatching/Extension.pm
@@ -18,7 +18,7 @@ use Bugzilla::Error;
 use Bugzilla::Group;
 use Bugzilla::User;
 use Bugzilla::User::Setting;
-use Bugzilla::Util qw(detaint_natural trim trick_taint);
+use Bugzilla::Util qw(detaint_natural trim);
 our $VERSION = '2';
@@ -571,7 +571,6 @@ sub _addPrefixWatch {
 my ($user, $product, $prefix) = @_; my $dbh = Bugzilla->dbh;
- trick_taint($prefix);
 my $sth = $dbh->prepare(" SELECT 1 FROM component_watch
diff --git a/extensions/EditComments/Extension.pm b/extensions/EditComments/Extension.pm
index a1eaee940..0a3962c7e 100644
--- a/extensions/EditComments/Extension.pm
+++ b/extensions/EditComments/Extension.pm
@@ -243,7 +243,6 @@ sub bug_end_of_update {
 && defined $params->{"edit_comment_checkbox_$comment_id"} && $params->{"edit_comment_checkbox_$comment_id"} == 'on') ? 1 : 0;
- trick_taint($new_comment);
 $dbh->do( "UPDATE longdescs SET thetext = ?, edit_count = edit_count + 1 WHERE comment_id = ?", undef, $new_comment, $comment_id
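Review bot: The context line `$params->{"edit_comment_checkbox_$comment_id"} == 'on'` in `bug_end_of_update` compares a string numerically: `'on'` numifies to 0, so any non-numeric checkbox value (including an empty string) satisfies the test while a value of `'1'` does not, and `use warnings` will complain on every request. It should read `$params->{"edit_comment_checkbox_$comment_id"} eq 'on'`. This is pre-existing rather than introduced here, but the commit is already editing the lines around it; `bug_end_of_update` continues outside the hunk.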
diff --git a/extensions/EditComments/lib/WebService.pm b/extensions/EditComments/lib/WebService.pm
index 338cc3907..fe677e1e5 100644
--- a/extensions/EditComments/lib/WebService.pm
+++ b/extensions/EditComments/lib/WebService.pm
@@ -18,7 +18,7 @@ use Bugzilla::Comment;
 use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::Template;
-use Bugzilla::Util qw(trick_taint trim);
+use Bugzilla::Util qw(trim);
 use Bugzilla::WebService::Util qw(validate);
 use constant PUBLIC_METHODS => qw(
@@ -124,7 +124,6 @@ sub update_comment {
 && $params->{is_hidden} == 1) ? 1 : 0; # Update the `longdescs` (comments) table
- trick_taint($new_comment);
 $dbh->do( 'UPDATE longdescs SET thetext = ?, edit_count = edit_count + 1 WHERE comment_id = ?', undef, $new_comment, $comment_id
diff --git a/extensions/EditTable/Extension.pm b/extensions/EditTable/Extension.pm
index a6d01be65..ad6f7f5fc 100644
--- a/extensions/EditTable/Extension.pm
+++ b/extensions/EditTable/Extension.pm
@@ -25,7 +25,6 @@ use base qw(Bugzilla::Extension);
 use Bugzilla::Error;
 use Bugzilla::Hook;
 use Bugzilla::Token;
-use Bugzilla::Util qw(trick_taint);
 use JSON;
 use Storable qw(dclone);
@@ -68,7 +67,6 @@ sub page_before_template {
 my $id_field = $table->{id_field}; my $order_by = $table->{order_by} || $id_field; my $group = $table->{group} || 'admin';
- trick_taint($table_name);
 Bugzilla->user->in_group($group) || ThrowUserError('auth_failure',
@@ -94,7 +92,6 @@ sub page_before_template {
 $dbh->bz_start_transaction; foreach my $row (@$data) {
- map { trick_taint($_) } @$row;
 if ($row->[0] eq '-') { # add
diff --git a/extensions/Ember/lib/WebService.pm b/extensions/Ember/lib/WebService.pm
index 6ad33cd81..d42e04297 100644
--- a/extensions/Ember/lib/WebService.pm
+++ b/extensions/Ember/lib/WebService.pm
@@ -21,7 +21,6 @@ use Bugzilla::Product;
 use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::Field;
-use Bugzilla::Util qw(trick_taint);
 use Bugzilla::Extension::Ember::FakeBug;
@@ -144,7 +143,6 @@ sub show {
 # Only return changes since last_updated if provided my $last_updated = delete $params->{last_updated}; if ($last_updated) {
- trick_taint($last_updated);
 my $updated_fields = $dbh->selectcol_arrayref( 'SELECT fieldid FROM bugs_activity
@@ -244,7 +242,6 @@ sub bug {
 # Only return changes since last_updated if provided my $last_updated = delete $params->{last_updated}; if ($last_updated) {
- trick_taint($last_updated);
 my $updated_fields = $dbh->selectcol_arrayref( 'SELECT fielddefs.name FROM fielddefs INNER JOIN bugs_activity
diff --git a/extensions/FlagTypeComment/Extension.pm b/extensions/FlagTypeComment/Extension.pm
index e0a0fd77b..e5892fcbe 100644
--- a/extensions/FlagTypeComment/Extension.pm
+++ b/extensions/FlagTypeComment/Extension.pm
@@ -29,7 +29,6 @@ use base qw(Bugzilla::Extension);
 use Bugzilla::Extension::FlagTypeComment::Constants;
 use Bugzilla::FlagType;
-use Bugzilla::Util qw(trick_taint);
 use Scalar::Util qw(blessed);
 our $VERSION = '1';
@@ -84,7 +83,6 @@ sub _set_ftc_states {
 } else { ($target_type, $id) = ($type->{target_type}, $type->{id});
- trick_taint($id) if $id;
 } if ($target_type eq 'bug') { return unless FLAGTYPE_COMMENT_BUG_FLAGS;
@@ -167,7 +165,6 @@ sub _set_flagtypes {
 my $text = $input->{"ftc_${flagtype_id}_$state"} || $input->{"ftc_new_$state"} || ''; $text =~ s/\r\n/\n/g;
- trick_taint($text);
 if ($text ne '') { if ($dbh->selectrow_array(
diff --git a/extensions/GitHubAuth/Extension.pm b/extensions/GitHubAuth/Extension.pm
index 1726684e8..46523d2fc 100644
--- a/extensions/GitHubAuth/Extension.pm
+++ b/extensions/GitHubAuth/Extension.pm
@@ -16,7 +16,6 @@ use parent qw(Bugzilla::Extension);
 use Bugzilla::Extension::GitHubAuth::Client;
 use Bugzilla::Error;
-use Bugzilla::Util qw(trick_taint);
 use List::Util qw(first);
 use URI;
 use URI::QueryParam;
diff --git a/extensions/GitHubAuth/lib/Login.pm b/extensions/GitHubAuth/lib/Login.pm
index df3195bc7..c0165c5ac 100644
--- a/extensions/GitHubAuth/lib/Login.pm
+++ b/extensions/GitHubAuth/lib/Login.pm
@@ -17,7 +17,7 @@ use fields qw(github_failure);
 use Scalar::Util qw(blessed);
 use Bugzilla::Constants qw(AUTH_NODATA AUTH_ERROR USAGE_MODE_BROWSER);
-use Bugzilla::Util qw(trick_taint generate_random_password);
+use Bugzilla::Util qw(generate_random_password);
 use Bugzilla::Token qw(issue_short_lived_session_token set_token_extra_data);
 use List::MoreUtils qw(any);
 use Bugzilla::Extension::GitHubAuth::Client;
@@ -77,8 +77,6 @@ sub _get_login_info_from_github {
 return {failure => AUTH_ERROR, error => 'github_missing_code'} unless $code;
- trick_taint($code);
-
 my $client = Bugzilla::Extension::GitHubAuth::Client->new; my ($access_token, $emails);
@@ -165,7 +163,6 @@ sub _get_login_info_from_email {
 user_error => 'github_invalid_email', details => {email => ''} };
- trick_taint($email);
 unless (any { $_ eq $email } @{Bugzilla->request_cache->{github_emails}}) { return {
diff --git a/extensions/MyDashboard/lib/WebService.pm b/extensions/MyDashboard/lib/WebService.pm
index 6638bacf2..cc6b96c1a 100644
--- a/extensions/MyDashboard/lib/WebService.pm
+++ b/extensions/MyDashboard/lib/WebService.pm
@@ -14,7 +14,7 @@ use base qw(Bugzilla::WebService Bugzilla::WebService::Bug);
 use Bugzilla::Constants;
 use Bugzilla::Error;
-use Bugzilla::Util qw(detaint_natural trick_taint template_var datetime_from);
+use Bugzilla::Util qw(detaint_natural template_var datetime_from);
 use Bugzilla::WebService::Util qw(validate);
 use Bugzilla::Extension::MyDashboard::Queries
@@ -39,9 +39,6 @@ sub run_last_changes {
 my $dbh = Bugzilla->dbh; my $user = Bugzilla->login(LOGIN_REQUIRED);
- trick_taint($params->{changeddate_api});
- trick_taint($params->{bug_id});
-
 my $last_comment_sql = " SELECT comment_id FROM longdescs
diff --git a/extensions/PhabBugz/lib/Util.pm b/extensions/PhabBugz/lib/Util.pm
index b6d5a54ce..c81069367 100644
--- a/extensions/PhabBugz/lib/Util.pm
+++ b/extensions/PhabBugz/lib/Util.pm
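Review bot: In `run_last_changes`, `$params->{changeddate_api}` and `$params->{bug_id}` lose their only mention when the two `trick_taint` calls go, and the hunk stops inside the `$last_comment_sql` string, so it is not visible whether those values are bound as placeholders or interpolated into that SQL; if interpolated, the old code was already unsafe and this commit neither worsens nor fixes it. Either way `bug_id` deserves a numeric check before use, e.g. `detaint_natural($params->{bug_id}) or ThrowCodeError(…)` with the project's usual numeric-parameter error key, using the `detaint_natural` this file already imports. The query text and its execution lie outside the hunk.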
@@ -21,7 +21,6 @@ use Bugzilla::Extension::PhabBugz::Constants;
 use Bugzilla::Extension::PhabBugz::Types qw(:types);
 use List::Util qw(first);
-use Taint::Util qw(untaint);
 use Try::Tiny;
 use Type::Params qw( compile );
 use Type::Utils;
diff --git a/extensions/PhabBugz/lib/WebService.pm b/extensions/PhabBugz/lib/WebService.pm
index 9ecaff58b..4e555b977 100644
--- a/extensions/PhabBugz/lib/WebService.pm
+++ b/extensions/PhabBugz/lib/WebService.pm
@@ -18,7 +18,7 @@ use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::Logging;
 use Bugzilla::User;
-use Bugzilla::Util qw(detaint_natural trick_taint);
+use Bugzilla::Util qw(detaint_natural);
 use Bugzilla::WebService::Constants;
 use Types::Standard qw(-types slurpy);
 use Type::Params qw(compile);
diff --git a/extensions/ProdCompSearch/lib/WebService.pm b/extensions/ProdCompSearch/lib/WebService.pm
index b47b4a402..2242d083d 100644
--- a/extensions/ProdCompSearch/lib/WebService.pm
+++ b/extensions/ProdCompSearch/lib/WebService.pm
@@ -14,7 +14,7 @@ use warnings;
 use base qw(Bugzilla::WebService);
 use Bugzilla::Error;
-use Bugzilla::Util qw(detaint_natural trick_taint trim);
+use Bugzilla::Util qw(detaint_natural trim);
 ############# # Constants #
@@ -90,7 +90,6 @@ sub prod_comp_search {
 return {products => []} if !scalar @$enterable_ids;
- trick_taint($search);
 my @terms; my @order;
diff --git a/extensions/Push/lib/Admin.pm b/extensions/Push/lib/Admin.pm
index d86d30a62..aa78b2d03 100644
--- a/extensions/Push/lib/Admin.pm
+++ b/extensions/Push/lib/Admin.pm
@@ -15,7 +15,7 @@ use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Util;
 use Bugzilla::Token qw(check_hash_token);
-use Bugzilla::Util qw(trim detaint_natural trick_taint);
+use Bugzilla::Util qw(trim detaint_natural );
 use base qw(Exporter);
 our @EXPORT = qw(
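Review bot: The new import line in Push/lib/Admin.pm, `use Bugzilla::Util qw(trim detaint_natural );`, keeps a stray space before the closing paren where `trick_taint` was cut out. Tidy it to `use Bugzilla::Util qw(trim detaint_natural);`; it is harmless to Perl but reads as a half-finished edit and perltidy will keep flagging it.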
@@ -69,7 +69,6 @@ sub _update_config_from_form {
 # update foreach my $option ($config->options) { my $option_name = $option->{name};
- trick_taint($values->{$option_name});
 $config->{$option_name} = $values->{$option_name}; } $config->update();
diff --git a/extensions/Push/lib/Connector.disabled/ServiceNow.pm b/extensions/Push/lib/Connector.disabled/ServiceNow.pm
index 032e47dde..8856f481b 100644
--- a/extensions/Push/lib/Connector.disabled/ServiceNow.pm
+++ b/extensions/Push/lib/Connector.disabled/ServiceNow.pm
@@ -24,7 +24,7 @@ use Bugzilla::Field;
 use Bugzilla::Mailer;
 use Bugzilla::Product;
 use Bugzilla::User;
-use Bugzilla::Util qw(trim trick_taint);
+use Bugzilla::Util qw(trim);
 use Email::MIME;
 use FileHandle;
 use LWP;
@@ -122,7 +122,6 @@ sub options {
 sub options_validate { my ($self, $config) = @_; my $host = $config->{ldap_host};
- trick_taint($host);
 my $scheme = lc($config->{ldap_scheme}); eval { my $ldap
@@ -400,7 +399,6 @@ sub _ldap_cache {
 my $cache = {}; my $host = $config->{ldap_host};
- trick_taint($host);
 my $scheme = lc($config->{ldap_scheme}); my $ldap = Net::LDAP->new($host, scheme => $scheme, onerror => 'die') or die $!; $ldap->bind($config->{ldap_user}, password => $config->{ldap_pass});
diff --git a/extensions/Push/lib/Connectors.pm b/extensions/Push/lib/Connectors.pm
index 9a3856c02..3276759b9 100644
--- a/extensions/Push/lib/Connectors.pm
+++ b/extensions/Push/lib/Connectors.pm
@@ -14,7 +14,6 @@ use warnings;
 use Bugzilla::Logging;
 use Bugzilla::Extension::Push::Util;
 use Bugzilla::Constants;
-use Bugzilla::Util qw(trick_taint);
 use File::Basename;
 use Try::Tiny;
@@ -48,7 +47,6 @@ sub _load {
 foreach my $name (@{$self->{names}}) { next if exists $self->{objects}->{$name}; my $file = $self->{path} . "/$name.pm";
- trick_taint($file);
 require $file; my $package = "Bugzilla::Extension::Push::Connector::$name";
diff --git a/extensions/REMO/Extension.pm b/extensions/REMO/Extension.pm
index 7ca74e081..f2bee2140 100644
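Review bot: `$config->{$option_name} = $values->{$option_name};` in `_update_config_from_form` now runs even when the form supplied nothing for an option; `trick_taint` is not shown here, but the `if defined` / `if $x` guards other callers in this commit put around it suggest it died on undef, in which case this removal quietly turns a hard failure into storing undef. Add `next unless defined $values->{$option_name};` (or an explicit error) before the assignment so the behaviour is chosen rather than inherited. `_update_config_from_form` starts outside the hunk.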
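Review bot: `require $file` with `my $file = $self->{path} . "/$name.pm"` in `_load` is the one spot in this commit where the removed `trick_taint` stood directly in front of an operation taint mode refuses on tainted data; calling it "useless" is only true if no entry point runs under `-T`, and the commit message should state that assumption. Independently of taint, `$name` is spliced into both a path and a package name, so validate its shape before the `require`, e.g. `die "bad connector name '$name'" unless $name =~ /\A\w+\z/;`. Where `$self->{names}` is populated is not visible in the hunk, so treat this as a belt-and-braces check rather than a known hole.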
--- a/extensions/REMO/Extension.pm
+++ b/extensions/REMO/Extension.pm
@@ -29,7 +29,7 @@ use warnings;
 use base qw(Bugzilla::Extension);
 use Bugzilla::Constants;
-use Bugzilla::Util qw(trick_taint trim detaint_natural);
+use Bugzilla::Util qw(trim detaint_natural);
 use Bugzilla::Token;
 use Bugzilla::Error;
 use List::Util qw(first);
@@ -155,7 +155,6 @@ sub _remo_form_payment {
 $bug->update($timestamp); if ($token) {
- trick_taint($token);
 $dbh->do('UPDATE tokens SET eventdata = ? WHERE token = ?', undef, ("remo_form_payment:" . $attachment->id, $token)); }
diff --git a/extensions/Review/lib/WebService.pm b/extensions/Review/lib/WebService.pm
index 9f66108c7..a2f46226b 100644
--- a/extensions/Review/lib/WebService.pm
+++ b/extensions/Review/lib/WebService.pm
@@ -16,7 +16,7 @@ use base qw(Bugzilla::WebService);
 use Bugzilla::Bug;
 use Bugzilla::Component;
 use Bugzilla::Error;
-use Bugzilla::Util qw(detaint_natural trick_taint);
+use Bugzilla::Util qw(detaint_natural );
 use Bugzilla::WebService::Util 'filter';
 use constant PUBLIC_METHODS => qw(
@@ -111,7 +111,6 @@ sub flag_activity {
 } if (my $type_name = $params->{type_name}) {
- trick_taint($type_name);
 my $flag_types = Bugzilla::FlagType::match({name => $type_name}); $match_criteria{type_id} = [map { $_->id } @$flag_types]; }
diff --git a/extensions/SecureMail/Extension.pm b/extensions/SecureMail/Extension.pm
index a9f1d78da..719bff0f5 100644
--- a/extensions/SecureMail/Extension.pm
+++ b/extensions/SecureMail/Extension.pm
@@ -33,7 +33,7 @@ use Bugzilla::Comment;
 use Bugzilla::Group;
 use Bugzilla::Object;
 use Bugzilla::User;
-use Bugzilla::Util qw(trim trick_taint is_7bit_clean);
+use Bugzilla::Util qw(trim is_7bit_clean);
 use Bugzilla::Error;
 use Bugzilla::Mailer;
 use Bugzilla::Extension::SecureMail::TCT;
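Review bot: The Review/lib/WebService.pm import `use Bugzilla::Util qw(detaint_natural );` leaves a trailing space inside the `qw()` list where `trick_taint` was deleted; tidy it to `use Bugzilla::Util qw(detaint_natural);`. Same cosmetic leftover as the Push/lib/Admin.pm import in this commit, so both are worth fixing together.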
@@ -139,12 +139,6 @@ sub object_validators {
 } elsif ($value =~ /BEGIN CERTIFICATE/) {
- # S/MIME Keys must be in PEM format (Base64-encoded X.509)
- #
- # Crypt::SMIME seems not to like tainted values - it claims
- # they aren't scalars!
- trick_taint($value);
-
 my $smime = Crypt::SMIME->new(); eval { $smime->setPublicKey([$value]); }; if ($@) {
diff --git a/importxml.pl b/importxml.pl
index 61210f3ed..7e8ca0cfd 100755
--- a/importxml.pl
+++ b/importxml.pl
@@ -1189,7 +1189,6 @@ sub process_bug {
 "INSERT INTO attach_data (id, thedata) VALUES ($att_id, ?)" );
- trick_taint($att_data);
 $sth->bind_param(1, $att_data, $dbh->BLOB_TYPE); $sth->execute();
diff --git a/quips.cgi b/quips.cgi
index 33ad62246..41bb52ee1 100755
--- a/quips.cgi
+++ b/quips.cgi
@@ -72,7 +72,6 @@ if ($action eq "add") {
 || 0; my $comment = $cgi->param("quip"); $comment || ThrowUserError("need_quip");
- trick_taint($comment); # Used in a placeholder below
 $dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)", undef, ($user->id, $comment, $approved));
diff --git a/report.cgi b/report.cgi
index ead37179c..63497b026 100755
--- a/report.cgi
+++ b/report.cgi
@@ -107,13 +107,13 @@ my $valid_columns = Bugzilla::Search::REPORT_COLUMNS;
 # Validate the values in the axis fields or throw an error. !$row_field
- || ($valid_columns->{$row_field} && trick_taint($row_field))
+ || $valid_columns->{$row_field}
 || ThrowCodeError("report_axis_invalid", {fld => "x", val => $row_field}); !$col_field
- || ($valid_columns->{$col_field} && trick_taint($col_field))
+ || $valid_columns->{$col_field}
 || ThrowCodeError("report_axis_invalid", {fld => "y", val => $col_field}); !$tbl_field
- || ($valid_columns->{$tbl_field} && trick_taint($tbl_field))
+ || $valid_columns->{$tbl_field}
 || ThrowCodeError("report_axis_invalid", {fld => "z", val => $tbl_field}); my @axis_fields = grep {$_} ($row_field, $col_field, $tbl_field);
diff --git a/reports.cgi b/reports.cgi
index c585ad6ab..1589189ac 100755
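Review bot: The SecureMail hunk deletes `# S/MIME Keys must be in PEM format (Base64-encoded X.509)` along with the taint workaround, but that first line documented the accepted input format, not taint; only the two `Crypt::SMIME seems not to like tainted values` lines were about the removed call. Keep the format note above `my $smime = Crypt::SMIME->new();`, e.g. `# S/MIME keys must be PEM (Base64-encoded X.509); setPublicKey rejects anything else.` `object_validators` starts and ends outside the hunk.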
--- a/reports.cgi
+++ b/reports.cgi
@@ -99,7 +99,6 @@ else {
 $image_file = hmac_sha256_base64($image_file, $key) . '.png'; $image_file =~ s/\+/-/g; $image_file =~ s/\//_/g;
- trick_taint($image_file);
 if (!-e "$graph_dir/$image_file") { generate_chart($dir, "$graph_dir/$image_file", $product, \@datasets);
diff --git a/request.cgi b/request.cgi
index 067ea2a73..23181bcfa 100755
--- a/request.cgi
+++ b/request.cgi
@@ -177,14 +177,12 @@ sub queue {
 # Filter results by exact email address of requester or requestee. if (defined $cgi->param('requester') && $cgi->param('requester') ne "") { my $requester = $dbh->quote($cgi->param('requester'));
- trick_taint($requester); # Quoted above
 push(@criteria, $dbh->sql_istrcmp('requesters.login_name', $requester)); push(@excluded_columns, 'requester') unless $do_union; } if (defined $cgi->param('requestee') && $cgi->param('requestee') ne "") { if ($cgi->param('requestee') ne "-") { my $requestee = $dbh->quote($cgi->param('requestee'));
- trick_taint($requestee); # Quoted above
 push(@criteria, $dbh->sql_istrcmp('requestees.login_name', $requestee)); } else {
@@ -240,7 +238,6 @@ sub queue {
 if (!$has_attachment_type) { push(@excluded_columns, 'attachment') } my $quoted_form_type = $dbh->quote($form_type);
- trick_taint($quoted_form_type); # Already SQL quoted
 push(@criteria, "flagtypes.name = " . $quoted_form_type); push(@excluded_columns, 'type'); }
@@ -347,7 +344,6 @@ sub validateStatus {
 grep($status eq $_, qw(? +- + - all)) || ThrowUserError("flag_status_invalid", {status => $status});
- trick_taint($status);
 return $status; }
@@ -357,7 +353,6 @@ sub validateGroup {
 grep($group eq $_, qw(requester requestee category type)) || ThrowUserError("request_queue_group_invalid", {group => $group});
- trick_taint($group);
 return $group; }
diff --git a/scripts/fix_all_open_status_queries.pl b/scripts/fix_all_open_status_queries.pl
index 4240f4af2..40ce509dd 100755
--- a/scripts/fix_all_open_status_queries.pl
+++ b/scripts/fix_all_open_status_queries.pl
@@ -45,7 +45,6 @@ sub do_namedqueries {
 my ($id, $old_query) = @$row; my $new_query = all_open_states($new_status, $old_query); if ($new_query) {
- trick_taint($new_query);
 $sth->execute($new_query, $id); $replace_count++; }
@@ -74,7 +73,6 @@ sub do_series {
 my ($series_id, $old_query) = @$row; my $new_query = all_open_states($new_status, $old_query); if ($new_query) {
- trick_taint($new_query);
 $sth->execute($new_query, $series_id); $replace_count++; }
diff --git a/scripts/merge-users.pl b/scripts/merge-users.pl
index be8600a64..9934e8343 100755
--- a/scripts/merge-users.pl
+++ b/scripts/merge-users.pl
@@ -61,7 +61,6 @@ if ($old =~ /^id:(\d+)$/) {
 $old_id = $1; } else {
- trick_taint($old);
 $old_id = $dbh->selectrow_array( 'SELECT userid FROM profiles WHERE login_name = ?', undef, $old
@@ -86,7 +85,6 @@ if ($new =~ /^id:(\d+)$/) {
 ); } else {
- trick_taint($new);
 $new_id = $dbh->selectrow_array( 'SELECT userid FROM profiles WHERE login_name = ?', undef, $new
diff --git a/scripts/migrate_whiteboard_keyword.pl b/scripts/migrate_whiteboard_keyword.pl
index eb904481a..aff74365e 100755
--- a/scripts/migrate_whiteboard_keyword.pl
+++ b/scripts/migrate_whiteboard_keyword.pl
@@ -39,7 +39,7 @@ use Bugzilla::Constants;
 use Bugzilla::Field;
 use Bugzilla::Keyword;
 use Bugzilla::User;
-use Bugzilla::Util qw(trick_taint trim);
+use Bugzilla::Util qw(trim);
 use Getopt::Long;
 use Term::ANSIColor qw(colored);
@@ -77,8 +77,6 @@ my $whiteboard = shift;
 my $keyword = shift; ($whiteboard && $keyword) || usage("Whiteboard or keyword strings were not provided\n");
-trick_taint($whiteboard);
-trick_taint($keyword);
 # User to make changes as automation@bmo.tld my $auto_user = Bugzilla::User->check({name => 'automation@bmo.tld'});
diff --git a/scripts/reset_default_user.pl b/scripts/reset_default_user.pl
index 7adb5b187..99d9a31c9 100755
--- a/scripts/reset_default_user.pl
+++ b/scripts/reset_default_user.pl
@@ -15,7 +15,6 @@ use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::User;
 use Bugzilla::Field;
-use Bugzilla::Util qw(trick_taint);
 use Getopt::Long;
@@ -58,7 +57,6 @@ if (!$product
 my $who = Bugzilla::User->new({name => 'nobody@mozilla.org'}); my $field = Bugzilla::Field->new({name => $field_name});
-trick_taint($product);
 my $product_id = $dbh->selectrow_array("SELECT id FROM products WHERE name = ?", undef, $product); $product_id or die "Can't find product ID for '$product'.\n";
@@ -66,7 +64,6 @@ $product_id or die "Can't find product ID for '$product'.\n";
 my $component_id; my $default_user_id; if ($component) {
- trick_taint($component);
 my $colname = $field->name eq 'qa_contact' ? 'initialqacontact' : 'initialowner'; ($component_id, $default_user_id)
diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi
index d4b9d6391..40de2af9e 100755
--- a/showdependencygraph.cgi
+++ b/showdependencygraph.cgi
@@ -325,7 +325,6 @@ foreach my $f (@files) {
 # $webdot directory. Since we're deleting the file (not following # symlinks), this can't escape to delete anything it shouldn't # (unless someone moves the location of $webdotdir, of course)
- trick_taint($f);
 my $mtime = file_mod_time($f); if ($mtime && $mtime < $since) { unlink $f;
diff --git a/summarize_time.cgi b/summarize_time.cgi
index 3948f71f6..979629729 100755
--- a/summarize_time.cgi
+++ b/summarize_time.cgi
@@ -149,8 +149,6 @@ sub sqlize_dates {
 my @date_values; if ($start_date) {
- # we've checked, trick_taint is fine
- trick_taint($start_date);
 $date_bits = " AND longdescs.bug_when > ?"; push @date_values, $start_date; }
diff --git a/token.cgi b/token.cgi
index 2a97f0859..821772b1b 100755
--- a/token.cgi
+++ b/token.cgi
@@ -46,9 +46,6 @@ $action || ThrowUserError('unknown_action');
 if ($token) { Bugzilla::Token::CleanTokenTable();
- # It's safe to detaint the token as it's used in a placeholder.
- trick_taint($token);
-
 # Make sure the token exists in the database. my ($db_token, $tokentype) = $dbh->selectrow_array( 'SELECT token, tokentype FROM tokens
diff --git a/userprefs.cgi b/userprefs.cgi
index d772c0a53..2ac8dd4d5 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -626,8 +626,6 @@ sub SaveSavedSearches {
 # allowed to. next unless grep($_ eq $group_id, @{$user->queryshare_groups});
- # $group_id is now definitely a valid ID of a group the
- # user can share queries with, so we can trick_taint.
 detaint_natural($group_id); if ($q->shared_with_group) { $sth_update_ngm->execute($group_id, $q->id);
@@ -775,7 +773,6 @@ sub DoMFA {
 || ThrowTemplateError($template->error()); } elsif ($provider =~ /^[a-z]+$/) {
- trick_taint($provider);
 $template->process("mfa/$provider/enroll.html.tmpl", $vars) || ThrowTemplateError($template->error()); }
@@ -985,9 +982,6 @@ $vars->{'changes_saved'} = $save_changes || $mfa_token;
 my $current_tab_name = $cgi->param('tab') || "account";
-# The SWITCH below makes sure that this is valid
-trick_taint($current_tab_name);
-
 $vars->{'current_tab_name'} = $current_tab_name; my $token = $cgi->param('token');
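Review bot: In `DoMFA`, `$provider =~ /^[a-z]+$/` is now the only check on a value that is spliced into the template path `"mfa/$provider/enroll.html.tmpl"`, and `$` matches before a trailing newline, so `"totp\n"` passes and yields a path with an embedded newline. Use the string-end anchors: `elsif ($provider =~ /\A[a-z]+\z/) {`. The likely outcome today is a template lookup failure rather than traversal, but `\A…\z` is the correct anchoring for anything used to build a path; `DoMFA` continues outside the hunk.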