FYI,

Taint support for PHP 5.2.5 has been updated. The 20080423 version
improves support for PCRE, and fixes a harmless read-after-free bug.

The primary goal of this code is to help PHP application programmers
find and eliminate opportunities for HTML script injection, SQL or
shell code injection, or PHP control hijacking. It's off by default,
but can be configured to produce warnings or to terminate execution.

User-mode "make test" run-time overhead is 0.5-1.5%, as measured
on two different CPUs with the same OS and the same PHP executables.
The bench.php overhead is 2%, and presents a worst-case number for
compute-bound PHP applications that spend their entire life iterating
over tiny loops.

For more info, you can find links off http://wiki.php.net/rfc/taint/

I presented a talk this week to the NYPHP users group. You can find
a copy of my slides at http://www.nyphp.org/content/presentations/

        Wietse

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
