Permalink
Find file
Fetching contributors…
Cannot retrieve contributors at this time
406 lines (404 sloc) 10.8 KB
<?xml version="1.0" encoding="UTF-8"?>
<package xmlns="http://pear.php.net/dtd/package-2.0" xmlns:tasks="http://pear.php.net/dtd/tasks-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" packagerversion="1.4.7" version="2.0" xsi:schemaLocation="http://pear.php.net/dtd/tasks-1.0 http://pear.php.net/dtd/tasks-1.0.xsd http://pear.php.net/dtd/package-2.0 http://pear.php.net/dtd/package-2.0.xsd">
<name>taint</name>
<channel>pecl.php.net</channel>
<summary>XSS code sniffer</summary>
<description>
An extension used for detecting XSS codes(tainted string),
And also can be used to spot sql injection vulnerabilities, shell inject, etc.
</description>
<lead>
<name>Xinchen Hui</name>
<user>laruence</user>
<email>laruence@php.net</email>
<active>yes</active>
</lead>
<date>2016-07-04</date>
<time>12:14:00</time>
<version>
<release>2.0.2</release>
<api>2.0.2</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP</license>
<notes>
- Fixed build with PHP-7.1
</notes>
<contents>
<dir name="/">
<file name="config.m4" role="src" />
<file name="php_taint.h" role="src" />
<file name="taint.c" role="src" />
<file name="config.w32" role="src" />
<file name="CREDITS" role="doc" />
<file name="LICENSE" role="doc" />
<file name="EXPERIMENTAL" role="doc" />
<dir name="tests">
<file name="001.phpt" role="test" />
<file name="002.phpt" role="test" />
<file name="003.phpt" role="test" />
<file name="004.phpt" role="test" />
<file name="005.phpt" role="test" />
<file name="006.phpt" role="test" />
<file name="007.phpt" role="test" />
<file name="008.phpt" role="test" />
<file name="009.phpt" role="test" />
<file name="010.phpt" role="test" />
<file name="011.phpt" role="test" />
<file name="012.phpt" role="test" />
<file name="013.phpt" role="test" />
<file name="014.phpt" role="test" />
<file name="015.phpt" role="test" />
<file name="016.phpt" role="test" />
<file name="017.phpt" role="test" />
<file name="018.phpt" role="test" />
<file name="bug61163.phpt" role="test" />
<file name="bug61816.phpt" role="test" />
<file name="bug63100.phpt" role="test" />
<file name="bug63123.phpt" role="test" />
<file name="issue004.phpt" role="test" />
<file name="issue026.phpt" role="test" />
</dir>
</dir>
</contents>
<dependencies>
<required>
<php>
<min>7.0.0</min>
</php>
<pearinstaller>
<min>1.4.0</min>
</pearinstaller>
</required>
</dependencies>
<providesextension>taint</providesextension>
<extsrcrelease />
<changelog>
<release>
<date>2016-07-04</date>
<version>
<release>2.0.2</release>
<api>2.0.2</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Fixed build with PHP-7.1
</notes>
</release>
<release>
<date>2015-12-12</date>
<version>
<release>2.0.1</release>
<api>2.0.1</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Fixed issue #26 (taint deson't work with PDO)
- Added SQLite3 supproted
</notes>
</release>
<release>
<date>2015-10-27</date>
<version>
<release>2.0.0</release>
<api>2.0.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Release taint for PHP7
</notes>
</release>
<release>
<date>2013-03-22</date>
<version>
<release>1.2.2</release>
<api>1.2.2</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Fixed issue #4 (wrong op fetched)
- Fixed issue #3 (zend_error_noreturn undefined)
</notes>
</release>
<release>
<date>2013-02-26</date>
<version>
<release>1.2.1</release>
<api>1.2.1</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- release stable version
</notes>
</release>
<release>
<date>2012-11-06</date>
<version>
<release>1.2.0</release>
<api>1.2.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Support tracing dim concat result (phonpeng@vip.qq.com)
</notes>
</release>
<release>
<date>2012-09-21</date>
<version>
<release>1.1.0</release>
<api>1.1.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Fixed bug #63100 (array_walk_recursive behaves wrongly when taint enabled)
- Fixed bug #63123 (Hash pointer should be reset at the end of function:php_taint_mark_strings). (274611049 at qq dot com)
</notes>
</release>
<release>
<date>2012-06-23</date>
<version>
<release>1.0.0</release>
<api>1.0.0</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Fixed bug #62395 (str_replace重写有误)
</notes>
</release>
<release>
<date>2012-05-08</date>
<version>
<release>0.5.3</release>
<api>0.5.3</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Bug #61816 (Segmentation fault)
</notes>
</release>
<release>
<date>2012-04-12</date>
<version>
<release>0.5.2</release>
<api>0.5.2</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Fixed Bug that segfault with global keyword
</notes>
</release>
<release>
<date>2012-04-11</date>
<version>
<release>0.5.2</release>
<api>0.5.2</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Fixed build with php 5.3
</notes>
</release>
<release>
<date>2012-04-09</date>
<version>
<release>0.5.1</release>
<api>0.5.1</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Fixed Bug that segfault with global keyword
</notes>
</release>
<release>
<date>2012-03-23</date>
<version>
<release>0.5.0</release>
<api>0.5.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Support more functions(strstr, substr, str_replace etc)
- Fixed Bug that tainted info lost if string is parsed by htmlspecialchars
- Trigger warning when doing dim assign concat
</notes>
</release>
<release>
<date>2012-02-26</date>
<version>
<release>0.4.1</release>
<api>0.4.1</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Fixed bug #61163 (Passing and using tainted data in specific way crashes)
- Fix build while zend_error_noreturn missed
</notes>
</release>
<release>
<date>2012-02-20</date>
<version>
<release>0.4.0</release>
<api>0.4.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Support trim/rtrim/ltrim
- Doesn't depend on exposing of zif_* symbols any more
- Fixed a potential crash(PHP 5.2)
- Fixed bug that concat_assign lost tainted info(PHP 5.4, if the var_ptr is tainted while value is not)
- Fixed memory leak in assign_concat
- Fixed tests faild of sprintf/trim etc args signature
- Fixed compiler warnings
</notes>
</release>
<release>
<date>2012-02-18</date>
<version>
<release>0.3.0</release>
<api>0.3.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Taint result of sprintf/vsprintf instead of trigger warnings.
- Taint result of explode/implode if the input is tained.
- Taint result of strval if the input is tainted
</notes>
</release>
<release>
<date>2012-02-18</date>
<version>
<release>0.2.0</release>
<api>0.2.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Support separation caused by send_ref
- Support separation caused by send_var
- Support checking for method
- Support more functions (sqlite, oci, etc)
</notes>
</release>
<release>
<date>2012-02-17</date>
<version>
<release>0.1.0</release>
<api>0.1.0</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Support reference separation
</notes>
</release>
<release>
<date>2012-02-16</date>
<version>
<release>0.0.2</release>
<api>0.0.2</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- Fixed bug that MINIT din't respect taint.enable
- Fixed bug that Taint doesn't work with eval
- Fixed bug that Taint works wrongly with php 5.3(function arguments)
- Support ternary
</notes>
</release>
<release>
<date>2012-02-15</date>
<version>
<release>0.0.1</release>
<api>0.0.1</api>
</version>
<stability>
<release>beta</release>
<api>beta</api>
</stability>
<license uri="http://www.php.net/license">PHP License</license>
<notes>
- First release
</notes>
</release>
</changelog>
</package>
<!--
vim:et:ts=1:sw=1
-->