|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2017-02-09 16:50 UTC] craig at craigfrancis dot co dot uk
[2021-09-27 15:36 UTC] cmb@php.net
[2021-09-27 15:57 UTC] craig at craigfrancis dot co dot uk
-Status: Open
+Status: Closed
[2021-09-27 15:57 UTC] craig at craigfrancis dot co dot uk
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 18 18:01:28 2024 UTC |
Description: ------------ I've only just stated using the extension, but I'd have thought that the following would have raised warnings. Test script: --------------- <?php $tainted = '1-Evil'; taint($tainted); preg_match('/^1-(.*)/', $tainted, $matches); echo $matches[1] . "\n"; echo str_ireplace('1-', '2-', $tainted) . "\n"; echo preg_replace('/^1-/', '2-', $tainted) . "\n"; ?> Expected result: ---------------- Evil 2-Evil 2-Evil Actual result: -------------- <br /> <b>Warning</b>: main() [echo]: Attempt to echo a string that might be tainted in <b>./index.php</b> on line <b>8</b><br /> 1-Evil <br /> <b>Warning</b>: main() [echo]: Attempt to echo a string that might be tainted in <b>./index.php</b> on line <b>9</b><br /> 2-Evil <br /> <b>Warning</b>: main() [echo]: Attempt to echo a string that might be tainted in <b>./index.php</b> on line <b>10</b><br /> 2-Evil