略微加速

PHP官方手册 - 互联网笔记

PHP - Manual: 简介

2024-11-14

简介

Taint is an extension, which is used for detecting XSS codes(tainted string). And also can be used to spot sql injection vulnerabilities, and shell inject, etc.

When taint is enabled, if you pass a tainted string (comes from $_GET, $_POST or $_COOKIE) to some functions, taint will warn you about that.

示例 #1 Taint()example

<?php
$a 
trim($_GET['a']);

$file_name '/tmp' .  $a;
$output    "Welcome, {$a} !!!";
$var       "output";
$sql       "Select *  from " $a;
$sql      .= "ooxx";

echo 
$output;

print $
$var;

include(
$file_name);

mysql_query($sql);
?>

以上例程的输出类似于:

Warning: main() [function.echo]: Attempt to echo a string that might be tainted

Warning: main() [function.echo]: Attempt to print a string that might be tainted

Warning: include() [function.include]: File path contains data that might be tainted

Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted
add a noteadd a note

User Contributed Notes

There are no user contributed notes for this page.

官方地址:https://www.php.net/manual/en/intro.taint.php

北京半月雨文化科技有限公司.版权所有 京ICP备12026184号-3