Create a sniff to make sure we are not using filter_input for server variables #34

Open
atimmer opened this issue Jul 14, 2017 · 1 comment

atimmer commented Jul 14, 2017

Filtering SERVER_INPUT variables using filter_input is disabled on some PHP configurations. (And fails silently)

moorscode changed the title from "Create sniff to make we are not using filter_input for server variables" to "Create sniff to make sure we are not using filter_input for server variables" on Dec 28, 2017
moorscode changed the title from "Create sniff to make sure we are not using filter_input for server variables" to "Create a sniff to make sure we are not using filter_input for server variables" on Feb 10, 2018
atimmer commented Sep 21, 2018

Wrong:

$value = filter_input( INPUT_SERVER, 'any-value' );

Correct:

$value = $_SERVER[ 'any-value' ];

This probably also requires sanitisation, because that is normally covered by filter_input, but I am assuming that another rule covers sanitisation.
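
The check requested in this issue, sketched as an added example that is not part of the original thread and not the project's sniff: a stand-alone script that uses PHP's built-in tokenizer (rather than PHP_CodeSniffer) to find `filter_input( INPUT_SERVER, ... )` calls. The function name `find_server_filter_input` is hypothetical and the sample source is constructed.

```php
<?php
// Added example, not the project's sniff. The sample source is constructed.

/**
 * Return the line numbers of filter_input( INPUT_SERVER, ... ) calls.
 * Only the unqualified call form from the issue is matched; namespace-qualified
 * names such as \filter_input() are out of scope here.
 */
function find_server_filter_input( string $source ): array {
	// Keep significant tokens only, so spacing and comments cannot hide a call.
	$skip   = [ T_WHITESPACE, T_COMMENT, T_DOC_COMMENT ];
	$tokens = array_values( array_filter(
		token_get_all( $source ),
		static function ( $t ) use ( $skip ) {
			return ! is_array( $t ) || ! in_array( $t[0], $skip, true );
		}
	) );

	$lines = [];
	foreach ( $tokens as $i => $t ) {
		// PHP function names are case-insensitive.
		if ( ! is_array( $t ) || T_STRING !== $t[0] || 'filter_input' !== strtolower( $t[1] ) ) {
			continue;
		}
		// A method call or a function declaration is not the PHP built-in.
		$prev = $tokens[ $i - 1 ] ?? null;
		if ( is_array( $prev ) && in_array( $prev[0], [ T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION ], true ) ) {
			continue;
		}
		$open = $tokens[ $i + 1 ] ?? null;
		$arg  = $tokens[ $i + 2 ] ?? null;
		if ( '(' === $open && is_array( $arg ) && T_STRING === $arg[0] && 'INPUT_SERVER' === $arg[1] ) {
			$lines[] = $t[2]; // Token index 2 holds the line number.
		}
	}
	return $lines;
}

$sample = <<<'SAMPLE'
<?php
$a = filter_input( INPUT_SERVER, 'REQUEST_URI' );
$b = filter_input( INPUT_GET, 'page' );
// filter_input( INPUT_SERVER, 'commented-out' );
$c = $helper->filter_input( INPUT_SERVER, 'REQUEST_URI' );
$d = FILTER_INPUT(INPUT_SERVER,'HTTP_HOST');
SAMPLE;

foreach ( find_server_filter_input( $sample ) as $line ) {
	echo "line {$line}: filter_input( INPUT_SERVER ) found; read \$_SERVER and sanitise the value\n";
}
```

Working on tokens instead of a regular expression is what lets the commented-out call and the `$helper->filter_input()` method call in the sample pass without a report.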
