$::FORM is not tainted under perl 5.6.1

RESOLVED DUPLICATE of bug 155793

Status

blocker
17 years ago
6 years ago

People

(Reporter: bbaetz, Assigned: bbaetz)

Description

17 years ago
While looking into why I didn't see bug 155700, it turns out that perl > 5.6.0
has broken |use taint 're'|, which we use to avoid tainting . I've filed a bug
with a test case - see the URL.

The workaround is to assign a known-tainted value to $item and $value first,
before. The alternate fix is to use split, rather than $1 (like CGI.pm does), or
to avoid using $1, and just assign from the result of the m// directly (which
appears to avoid triggering this bug).

I'll wait to see what the response is before deciding which one to do, but we
should do one of them for 2.16.

Comment 1

17 years ago
Dupe submission because of bug 154036.

myk, can you apply that patch to bmo, please?

*** This bug has been marked as a duplicate of 155793 ***
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE
QA Contact: matty_is_a_geek → default-qa