From 3e1165d55efa6d6ac0cf7561e684af7d9cd3ebd3 Mon Sep 17 00:00:00 2001 From: Kamil Tekiela Date: Tue, 20 Aug 2024 14:15:42 +0200 Subject: [PATCH] Fix mysqli_real_escape_string stub --- stubs/CoreGenericFunctions.phpstub | 4 ++-- tests/TaintTest.php | 10 ++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/stubs/CoreGenericFunctions.phpstub b/stubs/CoreGenericFunctions.phpstub index 9f82c9a335f..0b2faf4d234 100644 --- a/stubs/CoreGenericFunctions.phpstub +++ b/stubs/CoreGenericFunctions.phpstub @@ -1674,7 +1674,7 @@ function stream_select(null|array &$read, null|array &$write, null|array &$excep * @psalm-taint-escape sql * @psalm-flow ($string) -> return */ -function mysqli_escape_string($string) {} +function mysqli_escape_string(mysqli $mysqli, $string) {} /** * @psalm-pure @@ -1682,7 +1682,7 @@ function mysqli_escape_string($string) {} * @psalm-taint-escape sql * @psalm-flow ($string) -> return */ -function mysqli_real_escape_string($string) {} +function mysqli_real_escape_string(mysqli $mysqli, $string) {} /** * @psalm-pure diff --git a/tests/TaintTest.php b/tests/TaintTest.php index 27ea0a7a134..905679e729a 100644 --- a/tests/TaintTest.php +++ b/tests/TaintTest.php @@ -744,9 +744,9 @@ function bar(array $arr): void { $mysqli = new mysqli(); $a = $mysqli->escape_string($_GET["a"]); - $b = mysqli_escape_string($_GET["b"]); + $b = mysqli_escape_string($mysqli, $_GET["b"]); $c = $mysqli->real_escape_string($_GET["c"]); - $d = mysqli_real_escape_string($_GET["d"]); + $d = mysqli_real_escape_string($mysqli, $_GET["d"]); $mysqli->query("$a$b$c$d");', ], @@ -2434,12 +2434,14 @@ public static function getPrevious(string $s): string { ], 'assertMysqliOnlyEscapesSqlTaints3' => [ 'code' => ' 'TaintedHtml', ], 'assertMysqliOnlyEscapesSqlTaints4' => [ 'code' => ' 'TaintedHtml', ], 'assertDb2OnlyEscapesSqlTaints' => [
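Review bot: Both rewritten stub signatures (this hunk and the `mysqli_real_escape_string` one that follows) still leave `$string` untyped and declare no return type, and they name the connection parameter `$mysqli` where PHP 8 documents it as `$mysql`. If Psalm takes named-argument names from this stub, a valid `mysql:` call would be reported, so I would write `function mysqli_real_escape_string(mysqli $mysql, string $string): string {}` and the same for `mysqli_escape_string`. The docblocks open above the hunk, so any existing `@param` lines are not visible here.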
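Review bot: The docblock over `mysqli_real_escape_string` keeps `@psalm-pure` and `@psalm-taint-escape sql` without stating what the escape relies on, and with the connection now in the signature that is worth documenting. The result depends on the character set of the connection passed in and only protects a value placed inside a quoted string literal, so I would add a line such as `* Escaping depends on the connection charset (mysqli_set_charset) and is only sound inside a quoted literal.` Whether `@psalm-pure` remains accurate for a function that reads connection state should be confirmed; the docblock starts outside this hunk.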
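Review bot: The fixture's closing context line, `$mysqli->query("$a$b$c$d");`, interpolates the four escaped values with no surrounding quotes, so the passing test reads as if escaping alone makes a value safe in any SQL position. Since these lines are being touched anyway, I would quote the values in the fixture, e.g. `$mysqli->query("SELECT \'$a\', \'$b\', \'$c\', \'$d\'");`, which should leave the expected Psalm result unchanged while showing the only context the `sql` escape is meant for. The fixture array begins above the hunk.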