<?php
// Edit: adding @return string or even @return mixed will make Psalm properly warn about this
function rawinput() {
    return $_GET['rawinput'];
}
echo rawinput();
Observed: Does not emit TaintedInput for the echo
Expected: Should have some way to warn. function identity($x) { return $x; } has the same issue.
Also, it seems like labels for functions in namespaces may have issues - at a glance, they may be called ns\foo in one label but foo in another
TysonAndre changed the title from "Support tracking taintedness of function return values?" to "Taintedness of function return values is only tracked if function has a declared return type" on Jun 23, 2020
It seems like src/Psalm/Internal/Analyzer/Statements/ReturnAnalyzer.php handleTaints() ends up getting called. I wonder if $inferred_type->parent_nodes is somehow different due to early return or due to some other issue.
EDIT: it gets called whether or not there's a return type, the issue's probably elsewhere
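A fixture for checking this behaviour with Psalm's taint tracking, added here as an example and not code from the issue author or the Psalm project. It places the reported untyped function beside the docblock workaround from the report's edit note and an escaped sink; `rawinput_annotated()`, `identity_annotated()` and `render_escaped()` are hypothetical names, and the expectation for the identity case is an assumption.

```php
<?php
// Added example; only rawinput() and identity() come from the report.

// Reported case: no declared return type, so (per the report) no
// TaintedInput is emitted for the echo below.
function rawinput() {
    return $_GET['rawinput'];
}
echo rawinput();

/**
 * Workaround from the report's edit note: a docblock return type
 * (@return string or @return mixed) makes Psalm warn at the sink.
 *
 * @return mixed
 */
function rawinput_annotated() {
    return $_GET['rawinput'];
}
echo rawinput_annotated(); // expected: TaintedInput

/**
 * identity() from the report with declared types. Assumption: it then
 * behaves like rawinput_annotated(); the report does not confirm this.
 *
 * @param mixed $x
 * @return mixed
 */
function identity_annotated($x) {
    return $x;
}
echo identity_annotated($_GET['rawinput']);

/**
 * Mitigation at the sink: escape for the HTML context before output.
 * $_GET values can be arrays, so non-strings are rendered as empty.
 *
 * @param mixed $value
 */
function render_escaped($value): string {
    return is_string($value)
        ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
        : '';
}
echo render_escaped(rawinput_annotated());
```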