laruence / taint

Taint is a PHP extension used for detecting XSS code

Add unserialize as possible injection entry #14

Closed christiaan closed 9 years ago

christiaan commented 10 years ago

The unserialize function should also generate a warning when called with a tainted variable. See https://www.owasp.org/index.php/PHP_Object_Injection

laruence commented 9 years ago

Thanks for the hint; this is implemented in the PHP 7 version of taint.
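Background for the request in this issue, as an added example that is not code from the taint project or from either commenter: why `unserialize()` on request-derived data is an injection entry, shown beside two hardened forms. The class `CacheFile`, the function `decode_request_data` and the sample value are hypothetical and constructed for illustration; PHP 7.4 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical class standing in for any application class with a magic method.
final class CacheFile
{
    /** @var string[] log of magic-method calls, so the effect is observable */
    public static array $events = [];
    public string $path = 'cache.tmp';

    public function __wakeup(): void
    {
        // Runs inside unserialize(), before the caller can inspect the object.
        self::$events[] = "__wakeup with path={$this->path}";
    }
}

// Constructed sample standing in for a tainted request value such as $_GET['data'].
$sample = new CacheFile();
$sample->path = 'value-chosen-by-sender';
$tainted = serialize($sample);

// Weak: the sender picks the class and its properties, and __wakeup() executes.
$obj = unserialize($tainted);
echo 'default: ', get_class($obj), ', events=', count(CacheFile::$events), PHP_EOL;

// Hardened: refuse to instantiate any class named in the input.
CacheFile::$events = [];
$inert = unserialize($tainted, ['allowed_classes' => false]);
echo 'restricted: ', get_class($inert), ', events=', count(CacheFile::$events), PHP_EOL;

// Preferred for request data: a format that can only yield scalars and arrays.
function decode_request_data(string $raw): array
{
    $data = json_decode($raw, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('expected a JSON object or array');
    }
    return $data;
}

$decoded = decode_request_data('{"path":"value-chosen-by-sender"}');
echo 'json: ', gettype($decoded['path']), PHP_EOL;
```

A taint warning on `unserialize()` flags the first call in this script; the second and third are the usual remediations once the warning has pointed at the call site.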