• 首页
  • css3教程
  • html5教程
  • jQuery手册
  • php7教程
  • MySQL手册
  • apache手册
  • 位置: php7教程 -> PECL扩展库

    taint(代码安全检测)

    此PECL 扩展未与 PHP 捆绑。

    运行时配置

    这些函数的行为受php.ini中的设置影响。

    Taint 配置选项
    名字默认可修改范围更新日志
    taint.enable0PHP_INI_SYSTEM
    taint.error_levelE_WARNINGPHP_INI_ALL

    Functions and Statements which will spread the tainted mark of a tainted string

    Function/StatementSince
    = (assign)0.1.0
    . (concat)0.1.0
    "{$var}" (variable substitution)0.1.0
    .= (assign concat)0.1.0
    strval0.3.0
    explode/split0.3.0
    implode/join0.3.0
    sprintf0.3.0
    vsprintf0.3.0
    trim0.4.0
    rtrim0.4.0
    ltrim0.4.0
    strstr0.5.0
    str_pad0.5.0
    str_replace0.5.0
    substr0.5.0
    strtolower0.5.0
    strtoupper0.5.0

    Functions and statements which will check tainted string

    Function/StatementSince
    Basic statments
    eval0.1.0
    include/include_once0.1.0
    require/require_once0.1.0
    Outputing Functions
    echo0.1.0
    print0.1.0
    printf0.1.0
    file_put_contents0.1.0
    File System Functions
    fopen0.2.0
    opendir0.2.0
    basename0.2.0
    dirname0.2.0
    file0.2.0
    pathinfo0.2.0
    Database relevant Functions
    mysql_query0.2.0
    mysqli_query/MySQLi::query0.2.0
    sqlite_query/SqliteDataBase::query0.3.0
    sqlite_single_query/SqliteDataBase::singleQuery0.3.0
    oci_parse0.3.0
    PDO::query0.3.0
    PDO::prepare0.3.0
    SQLite3::query2.0.1
    SQLite3::prepare2.0.1
    Command Line relevant Functions
    system0.1.0
    exec0.1.0
    proc_open0.1.0
    passthru0.1.0
    shell_exec0.3.0

    Functions which untaint the tainted string

    FunctionSince
    addslashes0.1.0
    addcslashes0.1.0
    htmlspecialchars0.1.0
    htmlentities0.1.0
    escapeshellcmd0.1.0
    mysql_escape_string0.1.0
    mysql_real_escape_string0.1.0
    mysqli_escape_string/MySQLi::escape_string0.1.0
    mysqli_real_escape_string/MySQLi::real_escape_string0.1.0
    sqlite_escape_string/SqliteDataBase::escapeString0.3.0
    PDO::quote0.3.0