I've uploaded a new version of taint support for PHP. You can find all the files via:

ftp://ftp.porcupine.org/pub/php/index.html

This version supports PHP 5.2.5, and fixes one typo in mysqli support (thanks Adam Gundy). Little has changed because I wanted to catch up with the current PHP release first.

What is taint support for PHP about?

This is a preliminary implementation of support for tainted variables in PHP. The goal is to help PHP application programmers find and eliminate opportunities for HTML script injection, SQL or shell code injection, or PHP control hijacking, before other people can exploit them.

The implementation provides taint support for basic operators and for a selection of built-in functions and extensions. For examples and details, see the README file, also on-line at:

ftp://ftp.porcupine.org/pub/php/php-5.2.5-taint-20080130.README.html

I need your feedback to make this code complete. I hope to do several quick 1-2 month release cycles in which I collect feedback, fill in missing things, and adjust course until things stabilize.

Wietse
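The idea of tainted variables described in the message above, as an added Python model that is not part of the original post and is not the patch's code or API: untrusted strings carry taint through the `+` operator, and a sink refuses data that is still tainted for its context. The names `Tainted`, `escape_html`, `quote_shell` and `sink`, the per-context marks, and the choice to raise an error at the sink are assumptions of this example.

```python
import html
import shlex

ALL = frozenset({"html", "shell"})  # sink contexts of this model (assumed names)

class TaintError(Exception):
    pass

class Tainted(str):
    """A string that remembers which sink contexts it is still unsafe for."""
    def __new__(cls, value, unsafe=ALL):
        self = super().__new__(cls, value)
        self.unsafe = frozenset(unsafe)
        return self

    # Only "+" is modelled; other str methods return plain str and lose the mark.
    def __add__(self, other):   # tainted + anything
        return _concat(self, other)

    def __radd__(self, other):  # plain + tainted
        return _concat(other, self)

def unsafe_for(value):
    return getattr(value, "unsafe", frozenset())

def _mark(text, marks):
    return Tainted(text, marks) if marks else text

def _concat(left, right):
    # The result of an operator carries the union of its operands' taint.
    text = str.__add__(str(left), str(right))
    return _mark(text, unsafe_for(left) | unsafe_for(right))

def escape_html(value):
    # Encoding for one context clears the taint for that context only.
    return _mark(html.escape(str(value)), unsafe_for(value) - {"html"})

def quote_shell(value):
    return _mark(shlex.quote(str(value)), unsafe_for(value) - {"shell"})

def sink(context, value):
    # Stand-in for an output or exec call: refuses data still tainted for it.
    if context in unsafe_for(value):
        raise TaintError(f"tainted data reached {context} sink: {str(value)!r}")
    return str(value)

# Constructed input standing in for a request parameter.
comment = Tainted("<script>alert(1)</script>")
page = "<p>" + escape_html(comment) + "</p>"
```

Here `page` is accepted by the HTML sink but still rejected by the shell sink, because HTML escaping says nothing about shell metacharacters.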