First of all: I've been playing around with it and it looks great!

Some comments:
1) I added taint support to func_get_args() and func_get_arg(), a patch
is attached.
2) Maybe the functions should be renamed to taint_xxx (e.g. taint_set,
taint_clear, taint_check or the like) to reside in their own 'namespace'.

I hope your work will be integrated in the main PHP tree as it provides
a useful tool to developers IMHO.

For now I plan to use your patch on our development machines so I might
have more feedback in the near future.

Cheers,
- Chris
--- Zend/zend_builtin_functions.c.orig  2007-11-08 14:09:16.000000000 +0100
+++ Zend/zend_builtin_functions.c       2007-11-08 14:09:20.000000000 +0100
@@ -231,6 +231,7 @@
        *return_value = *arg;
        zval_copy_ctor(return_value);
        INIT_PZVAL(return_value);
+       Z_TAINT_MARKS_COPY_P(return_value, arg);
 }
 /* }}} */
 
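Review bot: The added Z_TAINT_MARKS_COPY_P(return_value, arg) comes after a whole-struct assignment (*return_value = *arg) and INIT_PZVAL(return_value), and nothing in the hunk says why the marks need a separate copy at this point. Please add a one-line comment above the new call explaining why the struct assignment alone does not carry the taint marks over, so a later reader does not remove the call as redundant or move it above INIT_PZVAL. A regression test that passes a tainted argument and checks the value returned by func_get_arg() would also help.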
@@ -266,6 +267,7 @@
                *element = **((zval **) (p-(arg_count-i)));
                zval_copy_ctor(element);
                INIT_PZVAL(element);
+               Z_TAINT_MARKS_COPY_P(element, *((zval **) (p-(arg_count-i))));
                zend_hash_next_index_insert(return_value->value.ht, &element, 
sizeof(zval *), NULL);
        }
 }
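Review bot: The source expression *((zval **) (p-(arg_count-i))) in the added Z_TAINT_MARKS_COPY_P line duplicates the pointer arithmetic already used three lines up in *element = **((zval **) (p-(arg_count-i))), so the value copy and the taint copy can drift apart if one of them is edited later. Consider computing the source once per iteration into a local, for example zval *src = *((zval **) (p-(arg_count-i))), and using it for both *element = *src and Z_TAINT_MARKS_COPY_P(element, src). As with func_get_arg(), a test covering func_get_args() with a mix of tainted and untainted arguments would confirm that each array element keeps its own marks.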

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php