https://psalm.dev/r/e6853c1780
```php
doTheMagic([(string)$_GET['injected'] => 'value']);
```
Array keys being composed by user-submitted content are not considered tainted.
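
Why the key position matters for an `html` sink, as an added example that is not part of the original issue or of Psalm's own code. The two render functions and the sample key are hypothetical and constructed for illustration:

```php
<?php
declare(strict_types=1);

// Added illustration; function names and input are assumptions, not from the issue.

/**
 * Escapes values but writes keys verbatim: a tainted key reaches the HTML output.
 *
 * @param array<string, string> $attributes
 */
function renderAttributesUnsafe(array $attributes): string
{
    $out = '';
    foreach ($attributes as $name => $value) {
        $out .= ' ' . $name . '="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '"';
    }
    return '<input' . $out . '>';
}

/**
 * Treats keys as untrusted too: only names matching a strict pattern are emitted.
 *
 * @param array<string, string> $attributes
 */
function renderAttributesSafe(array $attributes): string
{
    $out = '';
    foreach ($attributes as $name => $value) {
        // PHP casts numeric-string keys to int, so cast back before matching.
        $name = (string) $name;
        if (preg_match('/\A[a-z][a-z0-9-]*\z/i', $name) !== 1) {
            continue; // drop attribute names that are not plain identifiers
        }
        $out .= ' ' . $name . '="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '"';
    }
    return '<input' . $out . '>';
}

// Constructed input standing in for [(string)$_GET['injected'] => 'value'].
$injected = 'x><b>markup from key</b';
$attributes = [$injected => 'value'];

echo renderAttributesUnsafe($attributes), "\n"; // key markup appears unescaped
echo renderAttributesSafe($attributes), "\n";   // <input>
```

A taint analyzer that tracks only array values would pass `renderAttributesUnsafe($attributes)` without a finding even though the key flows into the output unescaped.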
I found these snippets:
```php
<?php // --taint-analysis
/**
 * @param array<string, string> $values
 * @psalm-taint-sink html $values
 */
function doTheMagic(array $values) {}

// detected
doTheMagic(['value' => (string)$_GET['injected']]);
// not detected
doTheMagic([(string)$_GET['injected'] => 'value']);
```
Psalm output (using commit efa9b13):

```
ERROR: TaintedHtml - 6:27 - Detected tainted HTML
```
I've spotted a bunch of array-related PRs (e.g. #5444), Sam @mortenson did you accidentally stumble over similar scenarios as well?
@ohader No - I haven't seen this before, and didn't think of it when tweaking ArrayAnalyzer.
10ccbdd
❤️ awesome, thx @muglug