print_r false positives

Free Static Code Analysis Tool for PHP Applications

Status: Beta

Brought to you by: fluxreiners

Status: open-accepted

Owner: nobody

Labels: None

Priority: 2

Updated: 2014-08-14

Created: 2012-03-20

Private: No

print_r($_GET[$something], true) is not a (direct) XSS vulnerability due to the second parameter.

Johannes Dahse - 2012-03-20

Thank you for reporting this, Christopher. You are right.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: