/**
 * Builds a fixed string, marks it with taint bit 0x1, prints it and returns it.
 *
 * The echo happens while the value carries the bit, so this exercises a
 * tainted value reaching an output sink. The returned value lets a caller
 * inspect whether the bit survives the function return.
 * NOTE(review): the expected outcome of either path is not visible here, and
 * 0x1 is presumably the HTML taint bit; confirm against the taint constants.
 *
 * @return string the literal "a weird string" after fb_set_taint() was applied
 */
function foo()
{
    $text = "a weird string";

    // Flag the value before it is used anywhere, so both the echo and the
    // return below operate on the marked string.
    fb_set_taint($text, 0x1);
    echo $text;

    return $text;
}
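<?php
// Taint set/clear on a derived value: $e is marked with bit 0x1, $f is built
// from $e by concatenation, and the bit is then cleared on $f only.
$d = "worse ";
$e = "great";
fb_set_taint($e, 0x1);

// One untainted and one tainted operand. Presumably the result inherits the
// bit from $e (confirm), which is why it is cleared explicitly below.
$f = $d . $e;

// NOTE(review): clearing the bit is a declaration, not sanitization. The bytes
// of $f are unchanged, so in real code this call belongs only after the value
// has actually been escaped for its output context.
fb_unset_taint($f, 0x1);

// Per the author's notes, clearing $f must leave the source value $e marked.
echo $e; // tainted

// Kept as its own statement: when the script is collapsed onto one line this
// echo ends up inside the preceding // comment and never runs.
echo $f; // not tainted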
<?php
/*
   +----------------------------------------------------------------------+
   | HipHop for PHP                                                       |
   +----------------------------------------------------------------------+
   | Copyright (c) 2010 Facebook, Inc. (http://www.facebook.com)          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | http://www.php.net/license/3_01.txt                                  |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
*/

// Sends a tainted string through print_r() twice: once directly and once
// wrapped in an array, so both the scalar and the nested-element output paths
// see a marked value.
// NOTE(review): TAINT_HTML_MASK is not defined in this file; presumably it
// comes from setup.inc. Confirm.
require_once 'setup.inc';

$a = "bad\n";
fb_set_taint($a, TAINT_HTML_MASK);

// Direct output of the marked string.
print_r($a);

// Same string as an array element: checks that wrapping the value in a
// container does not hide it from the output sink (expected result not
// visible here).
$b = array($a);
print_r($b);
<?php
// Taint round trip: set bit 0x1 on $a, read it back with fb_get_taint(), then
// print the value while it is still marked.
$a = "bad\n";
fb_set_taint($a, 0x1);

// Mask with the same bit that was set, so any other taint bits on the value
// cannot influence which branch runs.
if (fb_get_taint($a) & 0x1) {
    echo "a is tainted\n";
} else {
    echo "a is not tainted\n";
}

// Querying the taint is expected to leave it in place (author's note below),
// so this echo is a marked value reaching output.
echo $a; // tainted
/*
   +----------------------------------------------------------------------+
   | HipHop for PHP                                                       |
   +----------------------------------------------------------------------+
   | Copyright (c) 2010 Facebook, Inc. (http://www.facebook.com)          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | http://www.php.net/license/3_01.txt                                  |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
*/

// Checks whether taint survives print_r() in capture mode: with the second
// argument true, print_r() returns its rendering as a new string instead of
// printing it. If that string came back unmarked, capturing would silently
// launder a tainted value.
// NOTE(review): TAINT_HTML_MASK is not defined in this file; presumably it
// comes from setup.inc. Confirm.
require_once 'setup.inc';

$a = "bad\n";
// NOTE(review): the bit is set with the literal 1 but tested below with
// TAINT_HTML_MASK. The check is only meaningful if the two are equal; confirm
// against setup.inc.
fb_set_taint($a, 1);

// Case 1: the tainted string rendered directly.
$b = print_r($a, true);
if (fb_get_taint($b) & TAINT_HTML_MASK) {
    echo "b is tainted\n";
} else {
    echo "b is not tainted\n";
}

// Case 2: the tainted string as an array element. $b is reused for the array,
// and $c holds the captured rendering that is inspected.
$b = array($a);
$c = print_r($b, true);
if (fb_get_taint($c) & TAINT_HTML_MASK) {
    echo "c is tainted\n";
} else {
    echo "c is not tainted\n";
}