sigmasternchen/php-doc-en
1
0
Fork 0
mirror of https://github.com/sigmasternchen/php-doc-en synced 2025-03-16 00:48:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
php-doc-en/reference/taint/book.xml
George Peter Banyard 68c2c87150 Fix extension doc membership
2021-06-13 23:23:33 +01:00

84 lines
2 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<book xml:id="book.taint" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
<?phpdoc extension-membership="pecl" ?>
<title>Taint</title>
<titleabbrev>Taint</titleabbrev>
<preface xml:id="intro.taint">
&reftitle.intro;
<para>
Taint is an extension, which is used for detecting XSS codes(tainted
string).
And also can be used to spot sql injection vulnerabilities, and shell
inject, etc.
</para>
<para>
When taint is enabled, if you pass a tainted string (comes from $_GET,
$_POST or $_COOKIE) to some functions, taint will warn you about that.
</para>
<example>
<title><function>Taint</function>example</title>
<programlisting role="php">
<![CDATA[
<?php
$a = trim($_GET['a']);
$file_name = '/tmp' . $a;
$output = "Welcome, {$a} !!!";
$var = "output";
$sql = "Select * from " . $a;
$sql .= "ooxx";
echo $output;
print $$var;
include($file_name);
mysql_query($sql);
?>
]]>
</programlisting>
&example.outputs.similar;
<screen>
<![CDATA[
Warning: main() [function.echo]: Attempt to echo a string that might be tainted
Warning: main() [function.echo]: Attempt to print a string that might be tainted
Warning: include() [function.include]: File path contains data that might be tainted
Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted
]]>
</screen>
</example>
</preface>
&reference.taint.setup;
&reference.taint.detail;
&reference.taint.reference;
</book>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
Reference in a new issue View git blame Copy permalink