Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: parse_str should probably be allowed in security preset #1259

Open
pelmered opened this issue Sep 16, 2024 · 0 comments
Open

[Bug]: parse_str should probably be allowed in security preset #1259

pelmered opened this issue Sep 16, 2024 · 0 comments
Labels
bug

Comments

@pelmered
Copy link

What Happened

The security preset for architecture testing reports parse_str as disallowed. However, the problematic behavior of this function has been deprecated since PHP 7.2 and removed since PHP 8 when the second parameter become mandatory. With the second parameter the security issue where parse_str would overwrite local variables is mitigated.

How to Reproduce

Use the architecture test with security preset: arch()->preset()->security();

And then use parse_str in your checked code.

Sample Repository

No response

Pest Version

3.0.4

PHP Version

8.3.11

Operation System

macOS

Notes

No response
@pelmered pelmered added the bug label Sep 16, 2024
@pelmered pelmered changed the title [Bug]: [Bug]: parse_str should probably be allowed in security preset Sep 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pelmered