Only register taints on known magic properties

src/Psalm/Internal/Analyzer/Statements/Expression/Assignment/PropertyAssignmentAnalyzer.php

@@ -361,6 +361,8 @@ public static function analyzeInstance(
 
                             $has_regular_setter = true;
                             $property_exists = true;
+
+                            self::taintProperty($statements_analyzer, $stmt, $property_id, $assignment_value_type);
                             continue;
                         }
                     }
@@ -408,8 +410,6 @@ public static function analyzeInstance(
                         if (!in_array('PossiblyNullReference', $suppressed_issues, true)) {
                             $statements_analyzer->removeSuppressedIssues(['PossiblyNullReference']);
                         }
-
-                        self::taintProperty($statements_analyzer, $stmt, $property_id, $assignment_value_type);
                     }
 
                     /*

src/Psalm/Internal/Analyzer/Statements/Expression/Fetch/PropertyFetchAnalyzer.php

@@ -537,8 +537,6 @@ public static function analyzeInstance(
 
                 $property_id = $lhs_type_part->value . '::$' . $prop_name;
 
-                self::processTaints($statements_analyzer, $stmt, $stmt->inferredType, $property_id);
-
                 /*
                  * If we have an explicit list of all allowed magic properties on the class, and we're
                  * not in that list, fall through

tests/TaintTest.php

@@ -668,6 +668,9 @@ public function testTaintedInputFromMagicProperty() : void
         $this->addFile(
             'somefile.php',
             '<?php
+                /**
+                 * @property string $userId
+                 */
                 class A {
                     /** @var array<string, string> */
                     private $vars = [];