
Preserve taintedness of str_replace

muglug committed Aug 13, 2019
1 parent 8f29db2 commit 7533949667551846b3b4bdb7337c48b68aaf3a57
Showing with 12 additions and 0 deletions.
  1. +12 −0 src/Psalm/Internal/Analyzer/FunctionAnalyzer.php
@@ -418,6 +418,7 @@ public static function taintBuiltinFunctionReturn(
case 'strtolower':
case 'strtoupper':
case 'print_r':
case 'substr':
if (isset($call_args[0]->value->inferredType)
&& $call_args[0]->value->inferredType->tainted
) {
@@ -427,6 +428,17 @@ public static function taintBuiltinFunctionReturn(
break;
case 'str_replace':
case 'preg_replace':
$first_arg_taint = $call_args[0]->value->inferredType->tainted ?? 0;
$third_arg_taint = $call_args[2]->value->inferredType->tainted ?? 0;
if ($first_arg_taint || $third_arg_taint) {
$return_type->tainted = $first_arg_taint | $third_arg_taint;
$return_type->sources = $call_args[0]->value->inferredType->sources;
}
break;
case 'htmlentities':
case 'striptags':
if (isset($call_args[0]->value->inferredType)
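Review bot: The new `str_replace`/`preg_replace` case reads taint from `$call_args[0]` and `$call_args[2]`, but in both functions index 0 is the search term or pattern and index 1 is the replacement, so a tainted replacement string reaches the return value without being marked, which is a false negative for the taint check. The arguments whose content ends up in the result are the replacement and the subject, so the first lookup should be `$call_args[1]->value->inferredType->tainted ?? 0` (keep an index-0 check only if a tainted pattern is also meant to taint the result). The `sources` assignment likewise reads only `$call_args[0]` and has no `??` guard, so when only the subject is tainted its sources are dropped, and if `inferredType` is unset on the first argument the property is read on a non-object; take the sources from whichever argument was actually tainted. `taintBuiltinFunctionReturn` starts and ends outside the visible hunks, so how `$return_type` is consumed afterwards is not checked here.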
