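This PECL extension is not bundled with PHP.
Runtime Configuration
The behaviour of these functions is affected by settings in php.ini.
Name | Default | Changeable | Changelog |
---|---|---|---|
taint.enable | 0 | PHP_INI_SYSTEM | |
taint.error_level | E_WARNING | PHP_INI_ALL | |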
Functions and Statements which will spread the tainted mark of a tainted string
Function/Statement | Since |
---|---|
= (assign) | 0.1.0 |
. (concat) | 0.1.0 |
"{$var}" (variable substitution) | 0.1.0 |
.= (assign concat) | 0.1.0 |
strval | 0.3.0 |
explode/split | 0.3.0 |
implode/join | 0.3.0 |
sprintf | 0.3.0 |
vsprintf | 0.3.0 |
trim | 0.4.0 |
rtrim | 0.4.0 |
ltrim | 0.4.0 |
strstr | 0.5.0 |
str_pad | 0.5.0 |
str_replace | 0.5.0 |
substr | 0.5.0 |
strtolower | 0.5.0 |
strtoupper | 0.5.0 |
Functions and statements which will check for a tainted string
Function/Statement | Since |
---|---|
Basic statements | |
eval | 0.1.0 |
include/include_once | 0.1.0 |
require/require_once | 0.1.0 |
Outputting Functions | |
echo | 0.1.0 |
0.1.0 | |
printf | 0.1.0 |
file_put_contents | 0.1.0 |
File System Functions | |
fopen | 0.2.0 |
opendir | 0.2.0 |
basename | 0.2.0 |
dirname | 0.2.0 |
file | 0.2.0 |
pathinfo | 0.2.0 |
Database relevant Functions | |
mysql_query | 0.2.0 |
mysqli_query/MySQLi::query | 0.2.0 |
sqlite_query/SqliteDataBase::query | 0.3.0 |
sqlite_single_query/SqliteDataBase::singleQuery | 0.3.0 |
oci_parse | 0.3.0 |
PDO::query | 0.3.0 |
PDO::prepare | 0.3.0 |
SQLite3::query | 2.0.1 |
SQLite3::prepare | 2.0.1 |
Command Line relevant Functions | |
system | 0.1.0 |
exec | 0.1.0 |
proc_open | 0.1.0 |
passthru | 0.1.0 |
shell_exec | 0.3.0 |
Functions which untaint the tainted string
Function | Since |
---|---|
addslashes | 0.1.0 |
addcslashes | 0.1.0 |
htmlspecialchars | 0.1.0 |
htmlentities | 0.1.0 |
escapeshellcmd | 0.1.0 |
mysql_escape_string | 0.1.0 |
mysql_real_escape_string | 0.1.0 |
mysqli_escape_string/MySQLi::escape_string | 0.1.0 |
mysqli_real_escape_string/MySQLi::real_escape_string | 0.1.0 |
sqlite_escape_string/SqliteDataBase::escapeString | 0.3.0 |
PDO::quote | 0.3.0 |
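
The three tables above, exercised in one script. This is an added example, not part of the original manual page; it uses the extension's own `taint()` and `is_tainted()` functions, and the input string and the `users` query are constructed for illustration.

```php
<?php
// Added example. Needs the PECL taint extension with taint.enable=1 set in
// php.ini: the setting is PHP_INI_SYSTEM, so ini_set() cannot switch it on.
if (!extension_loaded('taint') || !ini_get('taint.enable')) {
    exit("taint extension not loaded, or taint.enable is 0\n");
}

// taint.error_level is PHP_INI_ALL, so it can be changed per script.
ini_set('taint.error_level', (string) E_WARNING);

// Record every diagnostic raised while the script runs.
$raised = [];
set_error_handler(function (int $no, string $msg) use (&$raised): bool {
    $raised[] = $msg;
    return true;
});

// Constructed input. In a web request the extension marks $_GET, $_POST and
// $_COOKIE values itself; on the CLI we mark the string by hand.
$input = "<b>constructed</b>";
taint($input);

// 1. Spread: sprintf and "." are both in the spread table, so the mark
//    follows the data into the derived string.
$msg = sprintf('Hello %s', $input) . '!';
printf("derived string tainted: %s\n", var_export(is_tainted($msg), true));

// 2. Check: file_put_contents is in the check table, so writing the tainted
//    string raises a diagnostic at taint.error_level.
file_put_contents('php://memory', $msg);

// 3. Untaint: htmlspecialchars is in the untaint table and clears the mark.
$html = htmlspecialchars($input);
printf("after htmlspecialchars: %s\n", var_export(is_tainted($html), true));

// Caveat: the mark is a single flag with no notion of output context.
// HTML escaping is not SQL escaping, yet a query built from $html no longer
// carries the mark, so the database functions in the check table stay quiet.
$sql = "SELECT id FROM users WHERE name = '" . $html . "'";
printf("query built from \$html tainted: %s\n", var_export(is_tainted($sql), true));

restore_error_handler();
printf("diagnostics raised: %d\n", count($raised));
foreach ($raised as $m) {
    echo "  ", $m, "\n";
}
```

Because any function in the untaint table clears the mark regardless of where the value is used next, a clean run shows that some escaping function was applied, not that the escaping matched the sink.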