|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2017-02-09 16:50 UTC] craig at craigfrancis dot co dot uk
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2021 The PHP GroupAll rights reserved. |
Last updated: Sat May 08 11:01:23 2021 UTC |
Description: ------------ I've only just stated using the extension, but I'd have thought that the following would have raised warnings. Test script: --------------- <?php $tainted = '1-Evil'; taint($tainted); preg_match('/^1-(.*)/', $tainted, $matches); echo $matches[1] . "\n"; echo str_ireplace('1-', '2-', $tainted) . "\n"; echo preg_replace('/^1-/', '2-', $tainted) . "\n"; ?> Expected result: ---------------- Evil 2-Evil 2-Evil Actual result: -------------- <br /> <b>Warning</b>: main() [echo]: Attempt to echo a string that might be tainted in <b>./index.php</b> on line <b>8</b><br /> 1-Evil <br /> <b>Warning</b>: main() [echo]: Attempt to echo a string that might be tainted in <b>./index.php</b> on line <b>9</b><br /> 2-Evil <br /> <b>Warning</b>: main() [echo]: Attempt to echo a string that might be tainted in <b>./index.php</b> on line <b>10</b><br /> 2-Evil