Create a sniff to make sure filter_input is not used with only the default settings #70

Open
moorscode opened this issue Feb 10, 2018 · 7 comments

Comments

@moorscode
Contributor

As the default is RAW INPUT, this does not add anything.

@moorscode
Contributor Author

This can be added to the sniff introduced in #74

@moorscode moorscode added this to the Future release milestone Oct 24, 2018
@jrfnl
Collaborator

jrfnl commented Nov 19, 2021

👋🏻 We also need to make sure to forbid the string filter which has been deprecated in PHP 8.1.

@diedexx
Member

diedexx commented Dec 6, 2021

@increddibelly, @jrfnl had a discussion about the filter functions and came up with a list of filters that we want to forbid:

FILTER_SANITIZE_MAGIC_QUOTES
FILTER_SANITIZE_STRING (unless option flags are given)
FILTER_SANITIZE_STRIPPED (unless option flags are given)
FILTER_DEFAULT
FILTER_UNSAFE_RAW
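An added example (not code from this repository or the sniff under discussion) contrasting the default filter that the thread wants flagged with an explicit one. It uses filter_var() on a constructed array so it runs from the CLI; filter_input() applies the same filter and flags to the real request data.

```php
<?php
declare(strict_types=1);

// Constructed sample request standing in for $_GET / INPUT_GET.
$request = [
    'id'   => '42abc',
    'name' => '<b>Alice</b>',
    'page' => '7',
];

// Before: no filter argument, or FILTER_DEFAULT, means FILTER_UNSAFE_RAW.
// Every value comes back exactly as sent, so the call adds no protection.
$id_raw   = filter_var($request['id']);                    // "42abc"
$name_raw = filter_var($request['name'], FILTER_DEFAULT);  // "<b>Alice</b>"

// After: state the expectation with a validation filter and handle failure.
$id = filter_var($request['id'], FILTER_VALIDATE_INT);     // false
if ($id === false) {
    // Reject the request or fall back; never use $request['id'] as an integer.
}
$page = filter_var($request['page'], FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1, 'default' => 1],
]);                                                        // 7

// FILTER_SANITIZE_STRING (and its alias FILTER_SANITIZE_STRIPPED) is deprecated
// in PHP 8.1. When the value is destined for HTML, escape at the point of
// output instead of relying on a sanitizing filter at input time.
$name_html = htmlspecialchars($request['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
// "&lt;b&gt;Alice&lt;/b&gt;"
```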

@jrfnl
Collaborator

jrfnl commented Dec 6, 2021

And let's extend the filter requirements to ALL functions in the Filter extension: https://www.php.net/manual/en/book.filter.php

@jrfnl
Collaborator

jrfnl commented Dec 6, 2021

Also loosely related #34

@jrfnl
Collaborator

jrfnl commented Dec 6, 2021

Related upstream issues:

Any sniff we would create here would be a candidate to be pulled upstream at a later point in time.

@jrfnl
Collaborator

jrfnl commented Dec 14, 2021

Been doing some digging into the filter extension and discovering more and more WTFs.

The sniff I'm currently writing will comprehensively check for all of them. You may not like what you see when we run the sniff over the various code bases...

@jrfnl jrfnl modified the milestones: 2.2.1, 2.3.0 Feb 17, 2022
@jrfnl jrfnl removed this from the 2.3.0 milestone Jan 6, 2023
@jrfnl jrfnl added this to the 3.x Next milestone Sep 22, 2023
@jrfnl jrfnl modified the milestones: 3.1.0, 3.x Next Apr 4, 2024