From 9764803c559985bfa5430dbbcd7bfdb042fdd520 Mon Sep 17 00:00:00 2001
From: Mark McEver <mark@fastmail.net>
Date: Mon, 5 Dec 2022 17:25:36 -0600
Subject: [PATCH] Allowed taints to pass through urlencode()

---
 stubs/CoreGenericFunctions.phpstub |  9 +++++++++
 tests/TaintTest.php                | 16 ++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/stubs/CoreGenericFunctions.phpstub b/stubs/CoreGenericFunctions.phpstub
index bbbd18c3e1f..4ce4136f01e 100644
--- a/stubs/CoreGenericFunctions.phpstub
+++ b/stubs/CoreGenericFunctions.phpstub
@@ -837,6 +837,15 @@ function htmlspecialchars(string $string, int $flags = ENT_COMPAT | ENT_HTML401,
  */
 function htmlspecialchars_decode(string $string, ?int $flags = null) : string {}
 
+/**
+ * @psalm-pure
+ *
+ * @psalm-taint-escape html
+ * @psalm-taint-escape has_quotes
+ * @psalm-flow ($string) -> return
+ */
+function urlencode(string $string) : string {}
+
 /**
  * @psalm-pure
  *
diff --git a/tests/TaintTest.php b/tests/TaintTest.php
index 3058697a180..744f046a172 100644
--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@@ -722,6 +722,11 @@ function bar(array $arr): void {
                         }
                     }'
             ],
+            'urlencode' => [
+                'code' => '<?php
+                    echo urlencode($_GET["bad"]);
+                '
+            ],
         ];
     }
 
@@ -2373,6 +2378,17 @@ public static function getPrevious(string $s): string {
                     new $a($b);',
                 'error_message' => 'TaintedCallable',
             ],
+            'urlencode' => [
+                /**
+                 * urlencode() should only prevent html & has_quotes taints
+                 * All other taint types should be unaffected.
+                 * We arbitrarily chose system() to test this.
+                 */
+                'code' => '<?php
+                    system(urlencode($_GET["bad"]));
+                ',
+                'error_message' => 'TaintedShell'
+            ]
         ];
     }