Supporting the "literal-string" type, used to prevent Injection vulnerabilities

创建于 2022年09月02日 17:09

Both Psalm and PHPStan have supported the "literal-string" type for a year:

https://github.com/vimeo/psalm/releases/tag/4.8.0
https://github.com/phpstan/phpstan/releases/tag/0.12.97

This type is designed to stop Injection Vulnerabilities (because a developer defined string cannot contain user data).

Could this be supported by PhpStorm?

While full support would be ideal, could you start by not showing a warning? PhpStorm currently says "Undefined class 'literal-string'".

4 条评论

Andriy Bazanov

创建于 2022年09月02日 18:37

Hi there,

https://youtrack.jetbrains.com/issue/WI-64109/literal-string-support-in-phpdoc

Craig

创建于 2022年09月03日 09:11

Thank you Andriy, I didn't realise there was public issue tracker.

Do you know (roughly) when this will be made available... I suspect 2022.2.2 will only contain bug fixes; so maybe 2022.3, at some point later in the year, I assume early December?

Andriy Bazanov

创建于 2022年09月03日 09:48

You are correct. Most likely it will be 2022.3 in December (although you can use EAP builds if you wish, the EAP program for 2022.3 will quite possibly start at the end of this month -- just follow the blog)

Craig

创建于 2022年09月05日 16:05

Thank you Andriy :-)

请先登录再写评论。