Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Remove taint analysis false positives in TLP doc

Download Browse

The taint analysis detects some LFI and XSS in the TLP doc because the code does not make it easy to actually detect the `$current_section` variable is built from known values. This small code changes make it easier for the taint analysis engine to detect that. Note that you may need to comment the line `require($local_inc)` in pre.php to see the issue. Part request #15015: Initiate usage of Psalm taint analysis feature Change-Id: Iacaed6ce6862d85dd9b90d1614bb3bb7c88ce50e

+2 −2
Thomas Gerbet (tgerbet) 2020-07-07 14:53
Thomas Gerbet (tgerbet) 2020-07-07 14:53
48597d1a1bbc49a3cdf0e9aa6dd0f4901f864446
b29d1dcddf94b469fadd719e0782956b7292963c
git #tuleap/stable/48597d1a1bbc49a3cdf0e9aa6dd0f4901f864446

Modified Files

Side by side diff
Inline diff
Name
M src/www/tlp-doc/index.php +2 −2 Go to diff View file