1
0
mirror of https://github.com/danog/psalm.git synced 2024-11-30 04:39:00 +01:00

$expr->name is not prefixed with $ (#4554)

The example as-is would currently not flag the following code:

```
	public function foo() {
		$foo = $bad_data;
		\shell_exec($foo);
        } 
```

Switching it to `bad_data` made it work.
This commit is contained in:
Lukas Reschke 2020-11-16 02:28:24 +01:00 committed by Daniil Gentili
parent 2f368244a4
commit 7079cff31c
Signed by: danog
GPG Key ID: 8C1BE3B34B230CA7

View File

@ -53,7 +53,7 @@ class BadSqlTainter implements AfterExpressionAnalysisInterface
array &$file_replacements = [] array &$file_replacements = []
) { ) {
if ($expr instanceof PhpParser\Node\Expr\Variable if ($expr instanceof PhpParser\Node\Expr\Variable
&& $expr->name === '$bad_data' && $expr->name === 'bad_data'
) { ) {
$expr_type = $statements_source->getNodeTypeProvider()->getType($expr); $expr_type = $statements_source->getNodeTypeProvider()->getType($expr);