@@ -19,13 +19,16 @@ are not limited to):
1919- Invocation of specially crafted, malicious code intended to cause memory
2020 violations. This commonly includes malicious error handlers, destructors or
2121 ` __toString() ` functions. PHP does not offer sandboxing, and the execution of
22- untrusted code is always considered unsafe.
22+ untrusted code is always considered unsafe. Such issues are bugs, but not
23+ security issues. They may still be reported, though please avoid reporting
24+ the known issues.
2325
2426- Passing malicious arguments to functions clearly not intended to receive
2527 unsanitized values, e.g. ` mysqli_query() ` . ` escapeshellarg() ` on the other
2628 hand should clearly be hardened against unsafe inputs.
2729
28- - The use of legacy APIs or settings known to be insecure.
30+ - The use of legacy APIs or settings known to be insecure, particularly those
31+ documented as such, or those with a secure alternative.
2932
3033- The use of FFI.
3134
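Review bot: "please avoid reporting the known issues" (new line 24) gives the reporter no way to tell which issues are already known, so the sentence will not reduce duplicate reports; either link the place where those issues are tracked or spell out the expectation ("search the existing bug reports before filing"). In the same added sentence, "Such issues" should say explicitly that it means memory violations triggered by attacker-supplied PHP code (error handlers, destructors, `__toString()`), otherwise it can be read as referring only to the sandboxing remark. On line 31, "documented as such" is similarly unanchored: say where that documentation lives (the manual's deprecation and security notes, for instance) so that a reader can check whether a given API or setting falls under the exclusion.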