Merge pull request #8848 from mmcev106/urlencode

stubs/CoreGenericFunctions.phpstub

@@ -837,6 +837,15 @@ function htmlspecialchars(string $string, int $flags = ENT_COMPAT | ENT_HTML401,
  */
 function htmlspecialchars_decode(string $string, ?int $flags = null) : string {}
 
+/**
+ * @psalm-pure
+ *
+ * @psalm-taint-escape html
+ * @psalm-taint-escape has_quotes
+ * @psalm-flow ($string) -> return
+ */
+function urlencode(string $string) : string {}
+
 /**
  * @psalm-pure
  *

tests/TaintTest.php

@@ -722,6 +722,11 @@ class TaintTest extends TestCase
                         }
                     }'
             ],
+            'urlencode' => [
+                'code' => '<?php
+                    echo urlencode($_GET["bad"]);
+                '
+            ],
         ];
     }
 
@@ -2373,6 +2378,17 @@ class TaintTest extends TestCase
                     new $a($b);',
                 'error_message' => 'TaintedCallable',
             ],
+            'urlencode' => [
+                /**
+                 * urlencode() should only prevent html & has_quotes taints
+                 * All other taint types should be unaffected.
+                 * We arbitrarily chose system() to test this.
+                 */
+                'code' => '<?php
+                    system(urlencode($_GET["bad"]));
+                ',
+                'error_message' => 'TaintedShell'
+            ]
         ];
     }