pest icon indicating copy to clipboard operation
pest copied to clipboard
verified publisher icon pestphp

[Bug]: parse_str should probably be allowed in security preset

Open pelmered opened this issue 1 year ago • 0 comments

What Happened

The security preset for architecture testing reports parse_str as disallowed. However, the problematic behavior of this function has been deprecated since PHP 7.2 and removed since PHP 8 when the second parameter become mandatory. With the second parameter the security issue where parse_str would overwrite local variables is mitigated.

How to Reproduce

Use the architecture test with security preset: arch()->preset()->security();

And then use parse_str in your checked code.

Sample Repository

No response

Pest Version

3.0.4

PHP Version

8.3.11

Operation System

macOS

Notes

No response

pelmered avatar Sep 16 '24 22:09 pelmered