Merge pull request #8848 from mmcev106/urlencode

vimeo · Dec 6, 2022 · 4dc969b · 4dc969b
2 parents 1cd10c3 + 9764803
commit 4dc969b
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/stubs/CoreGenericFunctions.phpstub b/stubs/CoreGenericFunctions.phpstub
@@ -837,6 +837,15 @@ function htmlspecialchars(string $string, int $flags = ENT_COMPAT | ENT_HTML401,
  */
 function htmlspecialchars_decode(string $string, ?int $flags = null) : string {}
 
+/**
+ * @psalm-pure
+ *
+ * @psalm-taint-escape html
+ * @psalm-taint-escape has_quotes
+ * @psalm-flow ($string) -> return
+ */
+function urlencode(string $string) : string {}
+
 /**
  * @psalm-pure
  *

diff --git a/tests/TaintTest.php b/tests/TaintTest.php
@@ -722,6 +722,11 @@ function bar(array $arr): void {
                         }
                     }'
             ],
+            'urlencode' => [
+                'code' => '<?php
+                    echo urlencode($_GET["bad"]);
+                '
+            ],
         ];
     }
 
@@ -2373,6 +2378,17 @@ public static function getPrevious(string $s): string {
                     new $a($b);',
                 'error_message' => 'TaintedCallable',
             ],
+            'urlencode' => [
+                /**
+                 * urlencode() should only prevent html & has_quotes taints
+                 * All other taint types should be unaffected.
+                 * We arbitrarily chose system() to test this.
+                 */
+                'code' => '<?php
+                    system(urlencode($_GET["bad"]));
+                ',
+                'error_message' => 'TaintedShell'
+            ]
         ];
     }