Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use valid identifier for taint/untaint() varargs in ReflectionParameter->getName() instead of $... #74

Open
TysonAndre opened this issue Dec 5, 2020 · 0 comments
Open

Use valid identifier for taint/untaint() varargs in ReflectionParameter->getName() instead of $... #74

TysonAndre opened this issue Dec 5, 2020 · 0 comments

Comments

@TysonAndre
Copy link

taint/taint.c

Lines 37 to 45 in 2deabd5

ZEND_BEGIN_ARG_INFO_EX(taint_arginfo, 0, 0, 1)
ZEND_ARG_INFO(1, string)
ZEND_ARG_INFO(1, ...)
ZEND_END_ARG_INFO()
ZEND_BEGIN_ARG_INFO_EX(untaint_arginfo, 0, 0, 1)
ZEND_ARG_INFO(1, string)
ZEND_ARG_INFO(1, ...)
ZEND_END_ARG_INFO()

Observed: ... used as the getName()
Desired: args or some other valid php identifier for a variable name

This would be equivalent to function taint($string, $...), where ... is not a valid php identifier and it would be impossible for a user-defined function to use ... as a parameter name.

The use of an invalid identifier may cause issues for tools/ides/scripts that extract argument names from Reflection information.

(For https://wiki.php.net/rfc/named_params , the argument names of variadics don't actually matter, but tooling being able to extract valid identifiers from extensions is convenient)

(I'm currently working on checking dozens of extensions reflection information for consistency with other sources of type/parameter names)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@TysonAndre