Merge pull request #11078 from kamil-tekiela/mysqli_real_escape_string
weirdan authored Sep 7, 2024
2 parents 3ff52fb + 3e1165d commit 4324122
Showing 2 changed files with 8 additions and 6 deletions.
4 changes: 2 additions & 2 deletions stubs/CoreGenericFunctions.phpstub
Expand Up @@ -1674,15 +1674,15 @@ function stream_select(null|array &$read, null|array &$write, null|array &$excep
* @psalm-taint-escape sql
* @psalm-flow ($string) -> return
*/
function mysqli_escape_string($string) {}
function mysqli_escape_string(mysqli $mysqli, $string) {}

/**
* @psalm-pure
*
* @psalm-taint-escape sql
* @psalm-flow ($string) -> return
*/
function mysqli_real_escape_string($string) {}
function mysqli_real_escape_string(mysqli $mysqli, $string) {}

/**
* @psalm-pure
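Review bot: The new procedural stubs leave `$string` untyped and declare no return type, and the first parameter is named `$mysqli` where PHP's documented signature, as far as I recall, uses `$mysql`; if Psalm takes parameter names from this stub, a call using the named argument `mysql:` could be misreported. Consider `function mysqli_real_escape_string(mysqli $mysql, string $string): string {}` and the same shape for `mysqli_escape_string`. The docblock for `mysqli_escape_string` starts above the hunk, so its other annotations are not visible here. Because both stubs carry `@psalm-taint-escape sql`, a one-line comment that the escape only holds for values placed inside a quoted SQL string literal would help readers of the stub.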
10 changes: 6 additions & 4 deletions tests/TaintTest.php
Expand Up @@ -744,9 +744,9 @@ function bar(array $arr): void {
$mysqli = new mysqli();
$a = $mysqli->escape_string($_GET["a"]);
$b = mysqli_escape_string($_GET["b"]);
$b = mysqli_escape_string($mysqli, $_GET["b"]);
$c = $mysqli->real_escape_string($_GET["c"]);
$d = mysqli_real_escape_string($_GET["d"]);
$d = mysqli_real_escape_string($mysqli, $_GET["d"]);
$mysqli->query("$a$b$c$d");',
],
Expand Down Expand Up @@ -2434,12 +2434,14 @@ public static function getPrevious(string $s): string {
],
'assertMysqliOnlyEscapesSqlTaints3' => [
'code' => '<?php
echo mysqli_escape_string($_GET["a"]);',
$mysqli = new mysqli();
echo mysqli_escape_string($mysqli, $_GET["a"]);',
'error_message' => 'TaintedHtml',
],
'assertMysqliOnlyEscapesSqlTaints4' => [
'code' => '<?php
echo mysqli_real_escape_string($_GET["a"]);',
$mysqli = new mysqli();
echo mysqli_real_escape_string($mysqli, $_GET["a"]);',
'error_message' => 'TaintedHtml',
],
'assertDb2OnlyEscapesSqlTaints' => [
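Review bot: Nothing in these cases pins the new two-argument arity: the existing entries are only updated to pass `$mysqli`, so a regression of the stub back to one parameter would presumably show up only as unrelated failures. A negative case calling `mysqli_real_escape_string($_GET["a"])` and expecting an argument-count issue (Psalm's `TooFewArguments`, I believe) would cover it, possibly in a non-taint test file if this provider only accepts taint errors. Separately, the valid case ending in `$mysqli->query("$a$b$c$d")` interpolates the escaped values outside quotes; a short comment that it exercises taint flow only, not a safe query shape, would keep readers from copying it. The provider arrays continue outside both hunks.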
