etersoft / bugzilla
Commit fbb2c9b0 authored Jul 10, 2002 by bbaetz%student.usyd.edu.au
Bug 155793 - $::FORM is not tainted under perl 5.6.1
r=myk, jouni
parent 3389d621
Showing 1 changed file with 12 additions and 22 deletions
CGI.pl
...
...
@@ -92,34 +92,24 @@ sub url_quote {
}
sub
ParseUrlString
{
# We don't want to detaint the user supplied data...
use
re
'taint'
;
my
(
$buffer
,
$f
,
$m
)
=
(
@_
);
undef
%
$f
;
undef
%
$m
;
my
%
isnull
;
my
$remaining
=
$buffer
;
while
(
$remaining
ne
""
)
{
my
$item
;
if
(
$remaining
=~
/^([^&]*)&(.*)$/
)
{
$item
=
$1
;
$remaining
=
$2
;
}
else
{
$item
=
$remaining
;
$remaining
=
""
;
}
my
$name
;
my
$value
;
if
(
$item
=~
/^([^=]*)=(.*)$/
)
{
$name
=
url_decode
(
$1
);
$value
=
url_decode
(
$2
);
}
else
{
$name
=
url_decode
(
$item
);
$value
=
""
;
}
# We must make sure that the CGI params remain tainted.
# This means that if for some reason you want to make this code
# use a regexp and $1, $2, ... (or use a helper function which does so)
# you must |use re 'taint'| _and_ make sure that you don't run into
# http://bugs.perl.org/perlbug.cgi?req=bug_id&bug_id=20020704.001
my
@args
=
split
(
'&'
,
$buffer
);
foreach
my
$arg
(
@args
)
{
my
(
$name
,
$value
)
=
split
(
'='
,
$arg
,
2
);
$value
=
''
if
not
defined
$value
;
$name
=
url_decode
(
$name
);
$value
=
url_decode
(
$value
);
if
(
$value
ne
""
)
{
if
(
defined
$f
->
{
$name
})
{
...
...
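Review bot: In the new foreach loop only `$value` is defaulted after `split('=', $arg, 2)`, but an empty `$arg` (a `&&` or a leading `&` in the query string) makes that split return an empty list, so `$name` is also undef when it reaches `url_decode($name)` and is later used as a hash key in `$f->{$name}`. The replaced regex loop produced an empty-string name in that case; adding `next if $arg eq '';` at the top of the loop, or `$name = '' if not defined $name;` beside the existing `$value` default, keeps the parser warning-free. Separately, the taint guarantee now rests on the comment alone, since the split-based parsing only stays tainted as long as nobody reintroduces `$1`/`$2` captures; a test run under `-T` that checks the parsed values are still tainted would catch such a regression.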