Closed Bug 1309278 Opened 4 years ago Closed 4 years ago

Cache::Memcached::Fast returns tainted data if the key is tainted

Categories

(Bugzilla :: Bugzilla-General, defect)

5.1.1
defect
Not set
normal

Tracking

()

RESOLVED FIXED
Bugzilla 6.0

People

(Reporter: dylan, Assigned: dylan)

Details

Attachments

(3 files)

Attached file test.t
So if a key is passed to Cache::Memcached::Fast->get(), and it is tainted,
for some reason the value is also tainted.
Assignee: general → dylan
Attached patch 1309278_1.patchSplinter Review
Attachment #8799852 - Flags: review?(dkl)
Comment on attachment 8799852 [details] [diff] [review]
1309278_1.patch

Review of attachment 8799852 [details] [diff] [review]:
-----------------------------------------------------------------

Should we again remove the detainting routines that were put back with this new patch?

r=dkl
Attachment #8799852 - Flags: review?(dkl) → review+
Yep. Here is the patch for bmo
Attachment #8799958 - Flags: review?(dkl)
Comment on attachment 8799958 [details] [diff] [review]
1309229_bmo.patch

Review of attachment 8799958 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8799958 - Flags: review?(dkl) → review+
To github.com:bugzilla/bugzilla.git
   d328d40..d9ba51c  master -> master

To github.com:mozilla-bteam/bmo.git
   b4b59f8..b955c8d  master -> master
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 6.0
You need to log in before you can comment on or make changes to this bug.