We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
echo $taintedObject;
Same for string encapsulation ("Trace: $myClass")
"Trace: $myClass"
Expected: The examples in https://psalm.dev/r/43fab1bc2a should emit TaintedOutput
Related to #3696
The text was updated successfully, but these errors were encountered:
I found these snippets:
<?php // --taint-analysis class MyClass { public function __toString() { return $_GET['blah']; } } // echo (new MyClass())->__toString(); emits TaintedInput $x = new MyClass(); echo "x: $x\n"; echo $x;
Psalm output (using commit c95ebfe): No issues!
Sorry, something went wrong.
Track taint in implicit __toString() casts
__toString()
9dcc614
Partially support vimeo#3697 There are other ways that objects can be cast to string that this PR does not analyze.
38977d7
No branches or pull requests
Same for string encapsulation (
"Trace: $myClass"
)Expected: The examples in https://psalm.dev/r/43fab1bc2a should emit TaintedOutput
Related to #3696
The text was updated successfully, but these errors were encountered: