Bug 155793 - $::FORM is not tainted under perl 5.6.1

r=myk, jouni

Bug 155793 - $::FORM is not tainted under perl 5.6.1
fbb2c9b0 · bbaetz%student.usyd.edu.au · 3389d621 · fbb2c9b0
Commit fbb2c9b0 authored Jul 10, 2002 by bbaetz%student.usyd.edu.au
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 22 deletions

CGI.pl CGI.pl +12 -22

No files found.
--- a/CGI.pl
+++ b/CGI.pl
@@ -92,34 +92,24 @@ sub url_quote {
 }
 sub ParseUrlString {
-    # We don't want to detaint the user supplied data...
-    use re 'taint';
    my ($buffer, $f, $m) = (@_);
    undef %$f;
    undef %$m;
    my %isnull;
-    my $remaining = $buffer;
-    while ($remaining ne "") {
-        my $item;
-        if ($remaining =~ /^([^&]*)&(.*)$/) {
-            $item = $1;
-            $remaining = $2;
-        } else {
-            $item = $remaining;
-            $remaining = "";
-        }
-        my $name;
+    # We must make sure that the CGI params remain tainted.
-        my $value;
+    # This means that if for some reason you want to make this code
-        if ($item =~ /^([^=]*)=(.*)$/) {
+    # use a regexp and $1, $2, ... (or use a helper function which does so)
-            $name = url_decode($1);
+    # you must |use re 'taint'| _and_ make sure that you don't run into
-            $value = url_decode($2);
+    # http://bugs.perl.org/perlbug.cgi?req=bug_id&bug_id=20020704.001
-        } else {
+    my @args = split('&', $buffer);
-            $name = url_decode($item);
+    foreach my $arg (@args) {
-            $value = "";
+        my ($name, $value) = split('=', $arg, 2);
-        }
+        $value = '' if not defined $value;
+        $name = url_decode($name);
+        $value = url_decode($value);
        if ($value ne "") {
            if (defined $f->{$name}) {