Merge pull request #8848 from mmcev106/urlencode

2025-01-22 13:51:54 +01:00 · 2022-12-05 21:17:34 -04:00 · 2022-12-05 21:17:34 -04:00 · 4dc969b887
commit 4dc969b887
parent 1cd10c3344 9764803c55
2 changed files with 25 additions and 0 deletions
--- a/stubs/CoreGenericFunctions.phpstub
+++ b/stubs/CoreGenericFunctions.phpstub
@ -837,6 +837,15 @@ function htmlspecialchars(string $string, int $flags = ENT_COMPAT | ENT_HTML401,
 */
 function htmlspecialchars_decode(string $string, ?int $flags = null) : string {}

+/**
+ * @psalm-pure
+ *
+ * @psalm-taint-escape html
+ * @psalm-taint-escape has_quotes
+ * @psalm-flow ($string) -> return
+ */
+function urlencode(string $string) : string {}
+
 /**
 * @psalm-pure
 *
--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@ -722,6 +722,11 @@ class TaintTest extends TestCase
                        }
                    }'
            ],
+            'urlencode' => [
+                'code' => '<?php
+                    echo urlencode($_GET["bad"]);
+                '
+            ],
        ];
    }

@ -2373,6 +2378,17 @@ class TaintTest extends TestCase
                    new $a($b);',
                'error_message' => 'TaintedCallable',
            ],
+            'urlencode' => [
+                /**
+                 * urlencode() should only prevent html & has_quotes taints
+                 * All other taint types should be unaffected.
+                 * We arbitrarily chose system() to test this.
+                 */
+                'code' => '<?php
+                    system(urlencode($_GET["bad"]));
+                ',
+                'error_message' => 'TaintedShell'
+            ]
        ];
    }