It doesn't work in most cases from your example

[dzentota]

<?php
ini_set(‘taint.enable’, ‘On’);
ini_set(‘taint.error_level’, E_WARNING);
ini_set(‘display_errors’ , 1);
error_reporting(E_ALL);

$a = trim($_GET[‘a’]);
$output    = “Welcome, {$a} !!!“;
$var       = “output”;
//№1
echo $a; // Warning;
//№2
echo $output; //NO WARNING;
//№3
echo $$var; //NO WARNING;

Expected: 3 Warnings, one warning for each case (№1, №2, №3) Actual: 1 Warning, only for №1

Environment: php -v

PHP 7.1.22 (cli) (built: Sep 15 2018 03:54:08) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.1.22, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.5.5, Copyright (c) 2002-2017, by Derick Rethans
    with blackfire v1.23.0~linux-x64-non_zts71, https://blackfire.io, by Blackfire

cat /etc/issue

Debian GNU/Linux 8 \n \l

[laruence]

you have xdebug loaded which is conflicted with taint , please refer to the document..

thanks