phpinspectionsea "The domain here can be compromised, consider introducing whitelists." But whitelist is in place exactly as recommended

"The domain here can be compromised, consider introducing whitelists." But whitelist is in place exactly as recommended

Open MHCreations opened this issue 1 year ago • 0 comments

Subject Details

Plugin Php Inspections (EA Extended) V5.0.0.0

Language level PHP 7.3, PHP 8.0+

PhpStorm Version PhpStorm 2023.1

Subject	Details
Plugin	Php Inspections (EA Extended) V5.0.0.0
Language level	PHP 7.3, PHP 8.0+
PhpStorm Version	PhpStorm 2023.1

Current behaviour highlights risk of using $_SERVER['HTTP_HOST'] and suggests whitelisting.

However, the code in place uses the exact whitelisting method as outlined in the linked documentation.

phpstorm_ea_whitelisting

Syntax tweaks (such as explicitly adding ===true, etc. ) do not effect this issue highlighting.

Plugin should recognise when the code is fitting the expected syntax to mitigate the risk highlighted.

Information from Help - About dialog

Jun 21 '23 14:06 MHCreations