From 2198c14babfd09778efccbb23a6c66c6d7a5e1f1 Mon Sep 17 00:00:00 2001
From: Xinchen Hui
Date: Fri, 9 Mar 2012 06:35:54 +0000
Subject: [PATCH] prepare for releasing doc
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@324043 c90b9560-bf6c-de11-be94-00142212c4b1
---
reference/taint/book.xml | 1 +
reference/taint/detail.xml | 339 ++++++++++++++++++++++++++++++-------
reference/taint/setup.xml | 5 +-
3 files changed, 282 insertions(+), 63 deletions(-)
diff --git a/reference/taint/book.xml b/reference/taint/book.xml
index 372c9fc104..aae333b575 100644
--- a/reference/taint/book.xml
+++ b/reference/taint/book.xml
@@ -55,6 +55,7 @@ Warning: mysql_query() [function.mysql-query]: SQL statement contains data that &reference.taint.setup; + &reference.taint.detail; &reference.taint.reference;
diff --git a/reference/taint/detail.xml b/reference/taint/detail.xml
index 2b675041f3..6ceeab327a 100644
--- a/reference/taint/detail.xml
+++ b/reference/taint/detail.xml
@@ -1,69 +1,288 @@ -
- Details - - - Taint - - - - Function/Statement - &Default; - &Changeable; - &Changelog; - - - - - taint.enable - 1 - its PHP_INI_SYS value - - - - taint.error_level - E_WARNING - its PHP_INI_SYS value - - - - -
-
+ + More Details - &ini.descriptions.title; +
+ Functions and Statements which will spread the tainted mark of a + taited string + + + + + + + + + Function/Statement + Since + + + + + = (assign) + 0.1.0 + + + . (concat) + 0.1.0 + + + "{$var}" (variable substitution) + 0.1.0 + + + .= (assign concat) + 0.1.0 + + + strval + 0.3.0 + + + explode + 0.3.0 + + + implode + 0.3.0 + + + sprintf + 0.3.0 + + + vsprintf + 0.3.0 + + + trim + 0.4.0 + + + rtrim + 0.4.0 + + + ltrim + 0.4.0 + + + +
+
+
- - - - - taint.enable - integer - - - - Whether enable the taint. - - - - - - taint.error_level - integer - - - - the error type which taint will report as when taint find a tainted - string. - - - +
+ Functions and statements which will check taint string + + + + + + + + + Function/Statement + Since + + + + + Basic statments + + + eval + 0.1.0 + + + include/include_once + 0.1.0 + + + require/require_once + 0.1.0 + + - - - + + Outputing Functions + + + echo + 0.1.0 + + + print + 0.1.0 + + + printf + 0.1.0 + + + file_put_contents + 0.1.0 + + + + File System Functions + + + fopen + 0.2.0 + + + opendir + 0.2.0 + + + basename + 0.2.0 + + + dirname + 0.2.0 + + + file + 0.2.0 + + + pathinfo + 0.2.0 + + + + Database relevant Functions + + + mysql_query + 0.2.0 + + + mysqli_query/MySQLi::query + 0.2.0 + + + sqlite_query/SqliteDataBase::query + 0.3.0 + + + sqlite_single_query/SqliteDataBase::singleQuery + 0.3.0 + + + oci_parse + 0.3.0 + + + PDO::query + 0.3.0 + + + PDO::prepare + 0.3.0 + + + + Command Line relevant Functions + + + system + 0.1.0 + + + exec + 0.1.0 + + + proc_open + 0.1.0 + + + passthru + 0.1.0 + + + shell_exec + 0.3.0 + + + + + +
+
+
+ +
+ Functions which untaint the tainted string + + + + + + + + + Function + Since + + + + + addslashes + 0.1.0 + + + addcslashes + 0.1.0 + + + htmlspecialchars + 0.1.0 + + + htmlentities + 0.1.0 + + + escapeshellcmd + 0.1.0 + + + mysql_escape_string + 0.1.0 + + + mysql_real_escape_string + 0.1.0 + + + mysqli_escape_string/MySQLi::escape_string + 0.1.0 + + + mysqli_real_escape_string/MySQLi::real_escape_string + 0.1.0 + + + sqlite_escape_string/SqliteDataBase::escapeString + 0.3.0 + + + PDO::quote + 0.3.0 + + + +
+
+ +
+
&reference.taint.ini; -
+
&reftitle.resources;