Add phpinfo() to dangerous calls config #256
spaze announced in Announcements
- Add phpinfo() to dangerous calls config (#255)

See for reasons why (phpinfo() echoes cookie values like the session id, which may then be stolen with XSS for example, bypassing HttpOnly cookie flag), and use https://github.com/spaze/phpinfo instead of just calling phpinfo().

Internal changes

- array_values() (It's already a list, no need to call array_values() #253, this is a new bleeding edge rule added in PHPStan 1.10.59)

This discussion was created from the release Add phpinfo() to dangerous calls config.
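The release note's concern is that phpinfo() prints cookie values, session id included, into the page body, where script running in the page can read them even when the cookie is HttpOnly. The following is an added example, not code from this release or from spaze/phpinfo: it captures the phpinfo() output and masks those values before sending it. The function names maskSecrets and sanitizedPhpInfo, the mask text and the minimum length of 8 are assumptions made for the example.

```php
<?php
declare(strict_types = 1);

// Added example, not code from spaze/phpinfo: capture phpinfo() output and
// mask cookie and session id values before the page is sent to the browser.

/**
 * @param list<string> $secrets values that must not appear in the output
 */
function maskSecrets(string $html, array $secrets, string $mask = '[redacted]', int $minLength = 8): string
{
    $needles = [];
    foreach ($secrets as $secret) {
        // Assumption of this example: very short values are skipped, masking
        // them would replace unrelated text all over the page.
        if (strlen($secret) < $minLength) {
            continue;
        }
        // phpinfo() shows the decoded value ($_COOKIE) and the raw header
        // (HTTP_COOKIE), both HTML-escaped, so cover each encoding.
        foreach ([$secret, urlencode($secret), rawurlencode($secret)] as $variant) {
            $needles[] = $variant;
            $needles[] = htmlspecialchars($variant, ENT_QUOTES);
        }
    }
    $needles = array_unique($needles);
    // Longest first, so a shorter variant never splits a longer one.
    usort($needles, static fn (string $a, string $b): int => strlen($b) <=> strlen($a));
    return str_replace($needles, $mask, $html);
}

function sanitizedPhpInfo(): string
{
    $secrets = [];
    // Cookie values may be nested arrays (cookie names like "a[b]").
    array_walk_recursive($_COOKIE, static function ($value) use (&$secrets): void {
        $secrets[] = (string)$value;
    });
    if (session_status() === PHP_SESSION_ACTIVE) {
        $secrets[] = (string)session_id();
    }
    ob_start();
    phpinfo();
    return maskSecrets((string)ob_get_clean(), $secrets);
}

echo sanitizedPhpInfo();
```

Cookie values shorter than the minimum length are left in the output by this sketch, so any secret that short needs to be passed through with a lower threshold or handled separately.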