Release of Psalm 3.12, a static analyzer for the PHP language. Alpha release of PHP 8.0
Vimeo has published a new release of the static analyzer Psalm 3.12, which detects both obvious and subtle errors in PHP code and can also fix some kinds of errors. The system is suitable for finding problems both in legacy code and in code that uses modern features introduced in recent PHP branches. The project's code is written in PHP and distributed under the MIT license.
The new version of Psalm implements the "--taint-analysis" option, which traces the relationship between parameters received from the user (for example, $_GET['dzina']) and their use in places that require escaping (for example, echo " $dzina "), including tracking through intermediate chains and function calls. Use of the associative arrays $_GET, $_POST and $_COOKIE is treated as a source of potentially dangerous data, but it is also possible to define your own sources. The operations that need to be tracked include those that generate HTML output, add HTTP headers, or execute SQL queries.
The check is applied when functions such as echo, exec, include and header are used. When analyzing whether escaping is needed, data types such as text, strings with SQL, HTML and shell code, and strings containing credentials are taken into account. The proposed mode makes it possible to identify vulnerabilities that lead to cross-site scripting (XSS) or SQL injection.
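The flow described above (request parameter, intermediate function call, output or query), shown as an added example that is not taken from Psalm or from the original article: each unsafe function is the kind of path "--taint-analysis" is meant to report, followed by its corrected form. The parameter name, function names, table and sample value are assumptions constructed for the illustration, and the SQL part assumes the pdo_sqlite extension is available.

```php
<?php
declare(strict_types=1);
// Constructed request value so the file runs from the CLI; in a web request
// PHP fills $_GET itself, and $_GET is one of the sources named in the text.
$_GET['name'] = '<b>Ann</b>';

// Intermediate call: the taint has to be followed through the return value.
function greeting(string $who): string { return "Hello, $who"; }

// Before: user input reaches HTML output unescaped.
function renderUnsafe(): string
{
    return '<h1>' . greeting($_GET['name']) . '</h1>';
}

// After: escaped for the HTML context right before output.
function renderSafe(): string
{
    return '<h1>' . htmlspecialchars(greeting($_GET['name']), ENT_QUOTES, 'UTF-8') . '</h1>';
}

// Before: user input concatenated into the SQL text handed to the query.
function findUnsafe(PDO $db): array
{
    $sql = "SELECT id FROM users WHERE name = '" . $_GET['name'] . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the value travels as a bound parameter, never as SQL text.
function findSafe(PDO $db): array
{
    $stmt = $db->prepare('SELECT id FROM users WHERE name = ?');
    $stmt->execute([$_GET['name']]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('<b>Ann</b>')");

echo renderUnsafe(), "\n";        // request markup is emitted as-is
echo renderSafe(), "\n";          // request markup is rendered inert
echo count(findUnsafe($db)), "\n";
echo count(findSafe($db)), "\n";
```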
In addition, one can note the start of alpha testing of the new PHP 8.0 branch. The release is scheduled for November 26. The following innovations are expected in the new branch:
A new function str_contains(), a simplified analogue of strpos for determining whether a substring is present, as well as the functions str_starts_with() and str_ends_with() for checking matches at the beginning and end of a string.