|
ZEND_BEGIN_ARG_INFO_EX(taint_arginfo, 0, 0, 1) |
|
ZEND_ARG_INFO(1, string) |
|
ZEND_ARG_INFO(1, ...) |
|
ZEND_END_ARG_INFO() |
|
|
|
ZEND_BEGIN_ARG_INFO_EX(untaint_arginfo, 0, 0, 1) |
|
ZEND_ARG_INFO(1, string) |
|
ZEND_ARG_INFO(1, ...) |
|
ZEND_END_ARG_INFO() |
Observed: ... used as the getName()
Desired: args or some other valid php identifier for a variable name
This would be equivalent to function taint($string, $...), where ... is not a valid php identifier and it would be impossible for a user-defined function to use ... as a parameter name.
The use of an invalid identifier may cause issues for tools/ides/scripts that extract argument names from Reflection information.
(For https://wiki.php.net/rfc/named_params , the argument names of variadics don't actually matter, but tooling being able to extract valid identifiers from extensions is convenient)
(I'm currently working on checking dozens of extensions reflection information for consistency with other sources of type/parameter names)
taint/taint.c
Lines 37 to 45 in 2deabd5
Observed:
...used as the getName()Desired:
argsor some other valid php identifier for a variable nameThis would be equivalent to
function taint($string, $...), where...is not a valid php identifier and it would be impossible for a user-defined function to use...as a parameter name.The use of an invalid identifier may cause issues for tools/ides/scripts that extract argument names from Reflection information.
(For https://wiki.php.net/rfc/named_params , the argument names of variadics don't actually matter, but tooling being able to extract valid identifiers from extensions is convenient)
(I'm currently working on checking dozens of extensions reflection information for consistency with other sources of type/parameter names)