Bruce Weirdan
|
7b43d321ad
|
Correct gzread signature (#4960)
Fixes vimeo/psalm#4959
|
2021-01-29 11:47:28 +01:00 |
|
Holger Woltersdorf
|
972da55d84
|
Add missing param for constructor arguments in PDOStatement#fetchObject (#4915)
* Add missing param for constructor arguments
PDOStatement#fetchObject allows a second, optional parameter for constructor arguments, which - if given - will be passed to the given class' constructor.
See: https://www.php.net/manual/de/pdostatement.fetchobject.php
Also see the PhpStorm stubs: https://github.com/JetBrains/phpstorm-stubs/blob/master/PDO/PDO.php#L1441
* Fix wrong nullability for 2nd argument in PDOStatement#fetchObject
|
2021-01-29 11:47:24 +01:00 |
|
Benjamin Morel
|
44c79daf1a
|
GEOS stubs (#4902)
|
2021-01-29 11:47:22 +01:00 |
|
Benjamin Morel
|
e6d23d10e9
|
Return type for DateTimeZone::getTransitions() (#4879)
|
2021-01-29 11:47:22 +01:00 |
|
Benjamin Morel
|
8b8c6e5a02
|
Improve DateTimeZone signatures (#4870)
|
2021-01-29 11:47:21 +01:00 |
|
Christer Edvartsen
|
3f86e8cb94
|
According to the PHP docs the session_name signature is: (#4855)
session_name ([ string|null $name = null ] ) : string|false
Resolves Possibly incorrect handling of session_name() #4854
|
2021-01-29 11:47:21 +01:00 |
|
Fabien Villepinte
|
519edd9251
|
ftp_misd may return false (#4830)
|
2021-01-29 11:47:20 +01:00 |
|
orklah
|
7a217a060d
|
allow passing mixed in is_a (#4780)
|
2021-01-29 11:47:16 +01:00 |
|
orklah
|
ca26acd31e
|
improve pg_fetch return types (#4777)
|
2021-01-29 11:47:15 +01:00 |
|
Benjamin Morel
|
8990f1ec95
|
Fix ImagickPixel::getColor() (#4758)
|
2021-01-29 11:47:13 +01:00 |
|
Benjamin Morel
|
1c14600c03
|
Improve Imagick call map (#4757)
|
2021-01-29 11:47:12 +01:00 |
|
orklah
|
0814f5d6ee
|
sync param names with php (#4745)
* sync param names with php
* fiw prefixes
|
2021-01-29 11:47:10 +01:00 |
|
LeSuisse
|
2a56a3a0c9
|
Fix incorrect taint sink map for \rmdir (#4703)
Closes #4690
|
2021-01-29 11:46:26 +01:00 |
|
Benjamin Morel
|
ec89cc623a
|
Fix PDOStatement::fetchObject() return type (#4682)
|
2021-01-29 11:46:24 +01:00 |
|
Matt Brown
|
7f0ac653a1
|
First creation_function param isnÆt really a sink
|
2021-01-29 11:46:18 +01:00 |
|
Markus Staab
|
2c998aea7e
|
documented type in InternalTaintSinkMap (#4627)
|
2021-01-29 11:46:17 +01:00 |
|
Lukas Reschke
|
2ad5eee193
|
Add dedicated types for 'file', 'header' and 'cookie' (#4630)
* [WIP] Add dedicated sinks for 'file', 'header' and 'cookie'
* Add documentation
* Add mapping for taint flows
* Add tests
* Fix test
|
2021-01-29 11:46:16 +01:00 |
|
Lukas Reschke
|
ce05165384
|
Split LDAP into custom category (#4604)
- Adds ldap_escape as sanitizer
- Defines the right parameters to ldap_search as sink
- Wrote documentation
- Added tests
|
2021-01-29 11:46:14 +01:00 |
|
Lukas Reschke
|
99d094b5e0
|
Add SSRF sinks (#4592)
|
2021-01-29 11:46:14 +01:00 |
|
Matt Brown
|
2c69618347
|
Break out TaintedInput issues into a lot of separate ones
|
2021-01-29 11:46:13 +01:00 |
|
Benjamin Morel
|
4cd6a2b532
|
DateTimeInterface::getTimeZone() can return false (#4579)
Fixes #4515
|
2021-01-29 11:46:12 +01:00 |
|
Benjamin Morel
|
8d37f16616
|
mysqli::$insert_id can be a string (#4577)
|
2021-01-29 11:46:12 +01:00 |
|
Tyson Andre
|
e06350b1ad
|
Fix curl_multi_getcontent signature (#4580)
|
2021-01-29 11:46:12 +01:00 |
|
Lukas Reschke
|
ff55dba130
|
Add sinks for popen and proc_open (#4572)
User input in those two functions could lead to a RCE.
popen: https://www.php.net/manual/en/function.popen.php
proc_open: https://www.php.net/manual/en/function.proc-open.php
|
2021-01-29 11:46:11 +01:00 |
|
orklah
|
88a075456d
|
Add undocumented properties in SoapFault (#4510)
|
2021-01-29 11:46:06 +01:00 |
|
Matt Brown
|
0f022c711d
|
Remove use of PHP 7.2 function
|
2021-01-29 11:45:02 +01:00 |
|
Philip Hofstetter
|
61a24c5577
|
improve mb_strtolower return type (#4469)
this fixes #4455
|
2021-01-29 11:45:02 +01:00 |
|
Matt Brown
|
a495e067ca
|
Protect more calls
|
2021-01-29 11:44:34 +01:00 |
|
Matt Brown
|
f9adf24d6d
|
Use lists everywhere for args
|
2021-01-29 11:44:34 +01:00 |
|
Matt Brown
|
7df404bfb5
|
Fix #4374 - prevent paradox and allow Psalm to understand more assignments in conditionals
|
2021-01-29 11:41:13 +01:00 |
|
Matt Brown
|
3a95ab9885
|
getShortName does not return a class-string
|
2021-01-29 11:41:12 +01:00 |
|
Matt Brown
|
1a4292b992
|
4.x - fix callmap regressions
|
2021-01-29 11:39:52 +01:00 |
|
Matt Brown
|
88284c2b3d
|
4.x - add support for PHP 8 callmap
|
2021-01-29 11:39:51 +01:00 |
|
Matt Brown
|
36ed769b9f
|
Add more fixes
|
2021-01-29 11:39:51 +01:00 |
|
Matt Brown
|
df98750963
|
Fix order
|
2021-01-29 11:39:51 +01:00 |
|
Matt Brown
|
3558a66a12
|
Add changes from PHPStan‘s functionmap
|
2021-01-29 11:39:51 +01:00 |
|
Matt Brown
|
a531c2e450
|
Move static code out of src
|
2021-01-29 11:39:51 +01:00 |
|