nextcloud

History

Morris Jobke 1f06bc246c Declare func() as safe method in phan We added a special `func()` method to the query builder, which is a plain text function by definition. It uses the string and does no escaping on purpose. It has the potential for an injection but requiring to add the "supress warning" to all surrounding code makes it harder to spot actual problems, that this plugin want to find. So it's better to only need to check the func() and not all the surrounding code as well. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-04-17 10:58:00 +02:00
..
SqlInjectionCheckerPlugin.php	Declare func() as safe method in phan	2018-04-17 10:58:00 +02:00

We added a special `func()` method to the query builder, which is a plain text function by definition. It uses the string and does no escaping on purpose. It has the potential for an injection but requiring to add the "supress warning" to all surrounding code makes it harder to spot actual problems, that this plugin want to find. So it's better to only need to check the func() and not all the surrounding code as well.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

2018-04-17 10:58:00 +02:00

SqlInjectionCheckerPlugin.php

Declare func() as safe method in phan

2018-04-17 10:58:00 +02:00