On Fri, Jul 17, 2015 at 9:00 AM, Craig Francis <cr...@craigfrancis.co.uk> wrote:
> Hi,
>
> I'm looking at creating an RFC to address security issues that relate to
> poor string handling / escaping, such as SQL-Injection, XSS, etc.
>

Sounds like you are describing the taint extension <http://php.net/manual/en/intro.taint.php>:

*Taint is an extension, which is used for detecting XSS codes (tainted string). And also can be used to spot sql injection vulnerabilities, and shell inject, etc.*

*When taint is enabled, if you pass a tainted string (comes from $_GET, $_POST or $_COOKIE) to some functions, taint will warn you about that.*

See also the taint RFC <https://wiki.php.net/rfc/taint>.

Regards,
bishop
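The behaviour bishop's reply describes (request input is tainted, taint survives concatenation, and a sink warns unless the value was escaped first) can be sketched in plain PHP. The script below is an added illustration written for this page; it is not code from the taint extension, the RFC, or anyone in this thread, and it needs no extension to run. The `TString` class, the `literal`/`fromRequest`/`echoSink` helpers and the `$get` array are all constructed for the example; the real extension keeps the taint flag on ordinary strings inside the engine and warns at built-in sinks such as `echo`, whereas here the flag lives on a small value object and the sink is a user function.

```php
<?php
// Added illustration (not the taint extension's own code): a userland model of
// taint tracking. Three ideas from the reply are modelled here:
//   1. strings that come from the request ($_GET, $_POST, $_COOKIE) start tainted,
//   2. concatenation propagates taint to the result,
//   3. a sink warns when tainted data reaches it; only escaping clears the flag.

final class TString
{
    private string $value;
    private bool $tainted;

    public function __construct(string $value, bool $tainted)
    {
        $this->value = $value;
        $this->tainted = $tainted;
    }

    public function value(): string { return $this->value; }
    public function isTainted(): bool { return $this->tainted; }

    // The result of a concatenation is tainted if either operand is.
    public function concat(TString $other): self
    {
        return new self($this->value . $other->value, $this->tainted || $other->tainted);
    }

    // Escaping for an HTML context produces an untainted value for that context.
    // (An SQL sink would want a prepared statement instead, not this function.)
    public function escapeForHtml(): self
    {
        return new self(htmlspecialchars($this->value, ENT_QUOTES, 'UTF-8'), false);
    }
}

// Literals written by the programmer are trusted.
function literal(string $s): TString
{
    return new TString($s, false);
}

// Anything read from a request array is a taint source.
function fromRequest(array $source, string $key): TString
{
    return new TString((string) ($source[$key] ?? ''), true);
}

// A sink modelled on `echo`: raise a warning, as the extension does, when a
// tainted string reaches it, then return the text that would have been output.
function echoSink(TString $s): string
{
    if ($s->isTainted()) {
        trigger_error('tainted string reaches echo; escape it first', E_USER_WARNING);
    }
    return $s->value();
}

// Constructed request data standing in for $_GET; not taken from a real request.
$get = ['name' => '<script>alert(1)</script>'];

// Unsafe flow: the request value is concatenated straight into markup, so the
// whole page string is tainted and the sink warns.
$page = literal('<p>Hello, ')
    ->concat(fromRequest($get, 'name'))
    ->concat(literal('</p>'));
var_dump($page->isTainted());
echoSink($page);

// Safe flow: the request value is escaped for HTML before concatenation, the
// result is untainted, and the sink accepts it silently.
$safe = literal('<p>Hello, ')
    ->concat(fromRequest($get, 'name')->escapeForHtml())
    ->concat(literal('</p>'));
var_dump($safe->isTainted());
echo echoSink($safe), "\n";
```

Run it with `php taint-sketch.php` (any PHP 7.4 or later). The point of the model is the one the reply makes: the check happens at the sink, so the programmer does not have to trace every path from `$_GET` by hand, but the taint flag only says "this came from the request", not which context it is safe for, so the escaping step still has to match the sink (HTML escaping for `echo`, a prepared statement for a query).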