Supporting the "literal-string" type, used to prevent Injection vulnerabilities

Both Psalm and PHPStan have supported the "literal-string" type for a year:

https://github.com/vimeo/psalm/releases/tag/4.8.0
https://github.com/phpstan/phpstan/releases/tag/0.12.97

This type is designed to stop Injection Vulnerabilities (because a developer defined string cannot contain user data).

Could this be supported by PhpStorm?

While full support would be ideal, could you start by not showing a warning? PhpStorm currently says "Undefined class 'literal-string'".

4 comments
Comment actions Permalink

Thank you Andriy, I didn't realise there was public issue tracker.

Do you know (roughly) when this will be made available... I suspect 2022.2.2 will only contain bug fixes; so maybe 2022.3, at some point later in the year, I assume early December?

0
Comment actions Permalink

You are correct. Most likely it will be 2022.3 in December (although you can use EAP builds if you wish, the EAP program for 2022.3 will quite possibly start at the end of this month -- just follow the blog)

0
Comment actions Permalink

Thank you Andriy :-)

0

Please sign in to leave a comment.