laruence / taint

Taint is a PHP extension used for detecting XSS code

taintmark should track individual entries in arrays #10

Open Mrten opened 11 years ago

Mrten commented 11 years ago

otherwise, if you do

$params['a'] = 'a';
$params['b'] = $_GET['b'];
...
$params['z'] = 'z';

the whole of $params is tainted.
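
The granularity difference this issue describes, as an added example that is not part of the original issue or the taint extension's own code: a userland PHP model comparing one taint mark per array with one mark per entry. The class and method names are hypothetical, the request value is constructed, and PHP 8 is assumed.

```php
<?php
// Added illustration: a userland model of taint marks, not the taint extension's code.
// Class and method names are hypothetical.
final class TaintTrackedArray implements ArrayAccess
{
    private array $values = [];
    private array $marks = [];   // key => true for entries that came from untrusted input

    // Store a value together with its own taint mark.
    public function set(string $key, string $value, bool $tainted): void
    {
        $this->values[$key] = $value;
        if ($tainted) {
            $this->marks[$key] = true;
        } else {
            unset($this->marks[$key]);
        }
    }

    public function offsetExists(mixed $key): bool { return isset($this->values[$key]); }
    public function offsetGet(mixed $key): mixed { return $this->values[$key]; }
    // Plain assignment models a literal written in the script, so no mark is set.
    public function offsetSet(mixed $key, mixed $value): void { $this->set((string) $key, (string) $value, false); }
    public function offsetUnset(mixed $key): void { unset($this->values[$key], $this->marks[$key]); }

    // Coarse model: one mark for the container, so every key is reported.
    public function flaggedWithContainerMark(): array
    {
        return $this->marks === [] ? [] : array_keys($this->values);
    }

    // Per-entry model: only keys whose own value is marked are reported.
    public function flaggedWithEntryMarks(): array
    {
        return array_keys($this->marks);
    }
}

// Constructed sample standing in for $_GET['b'].
$request = ['b' => '<b>user text</b>'];

$params = new TaintTrackedArray();
$params['a'] = 'a';
$params->set('b', $request['b'], true);
$params['z'] = 'z';

echo 'container mark flags: ', implode(',', $params->flaggedWithContainerMark()), PHP_EOL;
echo 'entry marks flag:     ', implode(',', $params->flaggedWithEntryMarks()), PHP_EOL;
```

With a container-level mark, the literal entries are reported alongside the request-derived one, which is the false-positive noise that per-entry tracking avoids.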