Closed
Bug 155791
Opened 22 years ago
Closed 22 years ago
$::FORM is not tainted under perl 5.6.1
Categories
(Bugzilla :: Bugzilla-General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 155793
People
(Reporter: bbaetz, Assigned: bbaetz)
References
()
Details
While looking into why I didn't see bug 155700, it turns out that perl > 5.6.0 has broken |use taint 're'|, which we use to avoid tainting . I've filed a bug with a test case - see the URL. The workarround is to assign a known-tainted value to $item and $value first, before. The alternate fix is to use split, rather than $1 (like CGI.pm does), or to avoid using $1, and just assign from the result of the m// directly (which appears to avoid triggering this bug) I'll wait to see what the response is before deciding which one to do, but we should do one of them for 2.16.
Assignee | ||
Comment 1•22 years ago
|
||
Dupe submission because of bug 154036. myk, can you apply that patch to bmo, please? *** This bug has been marked as a duplicate of 155793 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•