From c754a0ea08bb9713b637a1851d6f37f0f1fde25f Mon Sep 17 00:00:00 2001
From: cgocast
Date: Tue, 25 Jul 2023 09:22:49 +0200
Subject: [PATCH 1/2] Remove TaintedSql sink for PDOStatement related methods
---
 stubs/extensions/pdo.phpstub | 14 --------------
 1 file changed, 14 deletions(-)
diff --git a/stubs/extensions/pdo.phpstub b/stubs/extensions/pdo.phpstub
index aec496547..c156de1be 100644
--- a/stubs/extensions/pdo.phpstub
+++ b/stubs/extensions/pdo.phpstub
@@ -111,15 +111,11 @@ class PDO
 public function lastInsertId(?string $name = null) {}

 /**
- * @psalm-taint-sink sql $query
- *
 * @return PDOStatement|false
 */
 public function prepare(string $query, array $options = []) {}

 /**
- * @psalm-taint-sink sql $query
- *
 * @return PDOStatement|false
 */
 public function query(string $query, ?int $fetchMode = null) {}
@@ -150,16 +146,6 @@ class PDOStatement implements Traversable
 * @return false|T
 */
 public function fetchObject($class = \stdclass::class, array $ctorArgs = array()) {}
-
- /**
- * @psalm-taint-sink sql $value
- */
- public function bindValue(string|int $param, mixed $value, int $type = PDO::PARAM_STR): bool {}
-
- /**
- * @psalm-taint-sink sql $var
- */
- public function bindParam(string|int $param, mixed &$var, int $type = PDO::PARAM_STR, int $maxLength = 0, mixed $driverOptions = null): bool {}
 }

 class PDOException extends RuntimeException {
From 165df42e009925327b47d3b578cdf791c61f4c6d Mon Sep 17 00:00:00 2001
From: cgocast
Date: Tue, 25 Jul 2023 10:33:25 +0200
Subject: [PATCH 2/2] Apply code review remarks
---
 stubs/extensions/pdo.phpstub | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/stubs/extensions/pdo.phpstub b/stubs/extensions/pdo.phpstub
index c156de1be..4169ffbed 100644
--- a/stubs/extensions/pdo.phpstub
+++ b/stubs/extensions/pdo.phpstub
@@ -111,11 +111,15 @@ class PDO
 public function lastInsertId(?string $name = null) {}

 /**
+ * @psalm-taint-sink sql $query
+ *
 * @return PDOStatement|false
 */
 public function prepare(string $query, array $options = []) {}

 /**
+ * @psalm-taint-sink sql $query
+ *
 * @return PDOStatement|false
 */
 public function query(string $query, ?int $fetchMode = null) {}
@@ -146,6 +150,10 @@ class PDOStatement implements Traversable
 * @return false|T
 */
 public function fetchObject($class = \stdclass::class, array $ctorArgs = array()) {}
+
+ public function bindValue(string|int $param, mixed $value, int $type = PDO::PARAM_STR): bool {}
+
+ public function bindParam(string|int $param, mixed &$var, int $type = PDO::PARAM_STR, int $maxLength = 0, mixed $driverOptions = null): bool {}
 }

 class PDOException extends RuntimeException {
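Review bot: The re-added `bindValue()` and `bindParam()` stubs in the PDOStatement hunk have no docblock, so nothing records that leaving off `@psalm-taint-sink sql` is deliberate. Bound values are treated as data rather than parsed as SQL text, which is presumably why marking `$value` and `$var` as sinks produced false TaintedSql reports. A one-line docblock above each method, such as `/** Deliberately not a taint sink: bound values are treated as data, not parsed as SQL. */`, would keep a later contributor from restoring the annotation. No test change is visible in this series; one case that binds a tainted value without a report, and one that still reports tainted input reaching `PDO::prepare()`, would pin both halves of the behaviour. The PDOStatement class body starts outside the hunk.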