Taint/detail - Phpdoc Topics
More Details
Table of Contents
- Functions and Statements which will spread the tainted mark of a tainted string
- Functions and statements which will check tainted string
- Functions which untaint the tainted string
Functions and Statements which will spread the tainted mark of a tainted string
| Function/Statement | Since |
|---|---|
| = (assign) | 0.1.0 |
| . (concat) | 0.1.0 |
| "{$var}" (variable substitution) | 0.1.0 |
| .= (assign concat) | 0.1.0 |
| strval | 0.3.0 |
| explode/split | 0.3.0 |
| implode/join | 0.3.0 |
| sprintf | 0.3.0 |
| vsprintf | 0.3.0 |
| trim | 0.4.0 |
| rtrim | 0.4.0 |
| ltrim | 0.4.0 |
| strstr | 0.5.0 |
| str_pad | 0.5.0 |
| str_replace | 0.5.0 |
| substr | 0.5.0 |
| strtolower | 0.5.0 |
| strtoupper | 0.5.0 |
Functions and statements which will check tainted string
| Function/Statement | Since |
|---|---|
| **Basic statements** | |
| eval | 0.1.0 |
| include/include_once | 0.1.0 |
| require/require_once | 0.1.0 |
| **Outputting Functions** | |
| echo | 0.1.0 |
| | 0.1.0 |
| printf | 0.1.0 |
| file_put_contents | 0.1.0 |
| **File System Functions** | |
| fopen | 0.2.0 |
| opendir | 0.2.0 |
| basename | 0.2.0 |
| dirname | 0.2.0 |
| file | 0.2.0 |
| pathinfo | 0.2.0 |
| **Database relevant Functions** | |
| mysql_query | 0.2.0 |
| mysqli_query/MySQLi::query | 0.2.0 |
| sqlite_query/SqliteDataBase::query | 0.3.0 |
| sqlite_single_query/SqliteDataBase::singleQuery | 0.3.0 |
| oci_parse | 0.3.0 |
| PDO::query | 0.3.0 |
| PDO::prepare | 0.3.0 |
| SQLite3::query | 2.0.1 |
| SQLite3::prepare | 2.0.1 |
| **Command Line relevant Functions** | |
| system | 0.1.0 |
| exec | 0.1.0 |
| proc_open | 0.1.0 |
| passthru | 0.1.0 |
| shell_exec | 0.3.0 |
Functions which untaint the tainted string
| Function | Since |
|---|---|
| addslashes | 0.1.0 |
| addcslashes | 0.1.0 |
| htmlspecialchars | 0.1.0 |
| htmlentities | 0.1.0 |
| escapeshellcmd | 0.1.0 |
| mysql_escape_string | 0.1.0 |
| mysql_real_escape_string | 0.1.0 |
| mysqli_escape_string/MySQLi::escape_string | 0.1.0 |
| mysqli_real_escape_string/MySQLi::real_escape_string | 0.1.0 |
| sqlite_escape_string/SqliteDataBase::escapeString | 0.3.0 |
| PDO::quote | 0.3.0 |