There are already some userland taint-checking solutions for PHP e.g. the Phan taint-check plugin from MediaWiki: https://www.mediawiki.org/wiki/Phan-taint-check-plugin
I'm working on my own userland solution, too (based on Facebook's approach). Demo is here: https://psalm.dev/r/ebb9522fea
