[Summary]
  This file describes the functions and language constructs that can be seen
  as sensitive sinks. This means that they can cause vulnerabilities to occur when
  tainted data is given to them. Functions that are deprecated or experimental are not 
  included in the function list.

[Language constructs]
  * die     | equivalent to exit()
  * echo    | Outputs one or more strings
  * exit    | Output a message and terminate the current script
  * print   | Output a string
  * ``      | Backticks. Direct shell commands

[Internal functions]
  * assert                         | String given will be evaluated as PHP code.
  * bind_textdomain_codeset        | Codeset can be changed by user
  * bindtextdomain                 | Codeset can be changed by user
  * bzopen                         | Can open an arbitrary bzip2 file
  * bzwrite                        | Writes to a bzip2 file
  * call_user_func                 | Calls a use function given a string
  * call_user_func_array           | Calls a use function given a string
  * chdir                          | Changes the current PHP directory to given string
  * chgrp                          | Changes file group
  * chmod                          | Changes file permissions
  * chown                          | Changes file owner
  * chroot                         | Changes root directory of the current process
  * com_load_typelib               | Loads a typelib, expensive.
  * constant                       | Returns value of the constant with the name of the given string
  * copy                           | Copies file on file system
  * create_function                | Creates an anonymous lambda-style function
  * curl_init                      | Initializes a new curl session to a certain URL
  * cyrus_connect                  | Connects to a Cyrus IMAP server
  * dba_delete                     | Delete DBA entry specified by key
  * dba_exists                     | Check whether key exists
  * dba_fetch                      | Fetch data specified by key
  * dba_insert                     | Inserts Key valye pair into database
  * dba_popen                      | Opens a database persistently
  * dba_replace                    | Replaces a value in the database
  * dbase_add_record               | Adds a record in a dBase database
  * dbase_create                   | Creates a dBase database
  * dbase_delete_record            | Deletes a dBase record
  * dbase_get_record               | Gets a dBase record
  * dbase_get_record_with_names    | Gets a dBase record
  * dbase_open                     | Opens a dBase database
  * dbase_replace_record           | Replaces a recod in a dBase database
  * dbx_connect                    | Connects to a database
  * dbx_query                      | Queries a database
  * dcgettext                      | Overrides the gettext-domain for a single lookup
  * dcngettext                     | Plural version of dcgettext
  * dgettext                       | Overrides the gettext-domain for a single lookup
  * dio_open                       | Opens a file
  * dio_write                      | Writes a given string to a file
  * dirname                        | Given a path, returns the name of a directory
  * dngettext                      | Plural version of dgettext
  * domxml_open_file               | Creates a DOM object from an XML file
  * domxml_open_mem                | Creates a DOM object of an XML document
  * domxml_xslt_stylesheet         | Creates a DomXsltStylesheet object from an XSL document in a string
  * domxml_xslt_stylesheet_file    | Creates a DomXsltStylesheet object from an XSL document in a string
  * eval                           | Evil, Evaluates a string as PHP-code
  * exec                           | Executes an external program
  * fbsql_change_user              | Changed user in a FrontBase database
  * fbsql_connect                  | Connects to a FrontBase database
  * fbsql_create_blob              | Create a Blob
  * fbsql_create_db                | Creates a FrontBase database
  * fbsql_database                 | Get or set a FrontBase database on a connection
  * fbsql_database_password        | Set's database password
  * fbsql_db_query                 | Sends a FrontBase database query
  * fbsql_drop_db                  | Drops a FrontBase database
  * fbsql_pconnect                 | Opens a persistent connection to a FrontBase server
  * fbsql_query                    | Sends a FrontBase database query
  * fbsql_select_db                | Selects a FrontBase database
  * fbsql_set_password             | Sets a password for a user
  * fbsql_start_db                 | Starts a FrontBase server
  * fbsql_stop_db                  | Stops a FrontBase server
  * fbsql_username                 | Set the host name used for a databse
  * fdf_add_doc_javascript         | Adds javascript code to a FDF document
  * fdf_open                       | Opens an FDF document
  * fopen                          | Opens a file
  * fsockopen                      | Opens a Internet or Unix domain socket
  * ftp_chdir                      | Changes directory on a FTP site
  * ftp_chmod                      | Chmods a file ong a FTP site
  * ftp_connect                    | Opens a ftp-connection
  * ftp_exec                       | Executes a command on a FTP server
  * ftp_login                      | Log in to a FTP stream
  * ftp_mkdir                      | Makes a directory on a FTP site
  * ftp_raw                        | Sends an arbitrary command to an FTP server
  * ftp_rename                     | Renames a file on a FTP server
  * ftp_rmdir                      | Removes a directory
  * ftp_site                       | Sends a SITE command to the server
  * fwrite                         | Binary-safe file write
  * gettext                        | Lookup a message in the current domain
  * gzopen                         | Opens a gz-file
  * gzread                         | Reads a gz-file
  * gzwrite                        | Writes a gz-file
  * header                         | Sent a raw HTTP-header
  * highlight_file                 | Highlights file and outputs this
  * ibase_add_user                 | Adds a user to a security database
  * ibase_blob_echo                | Outputs blob info to a browser
  * ibase_connect                  | Connects to an InterBase database
  * ibase_delete_user              | Deletes a user from an InterBase database
  * ibase_pconnect                 | Opens a persistent connection to a InterBase Database
  * ibase_prepare                  | Prepare a query for later binding
  * ibase_query                    | Execute a query on an InterBase database
  * iconv_set_encoding             | Set current setting for character encoding conversion
  * id3_set_tag                    | Set's information in ID3-tags
  * ifx_connect                    | Open Informix server connection
  * ifx_pconnect                   | Open persistent Informix connection
  * ifx_query                      | Send Informix query
  * image2wbmp                     | Outputs an image to the browser
  * imagecreatefromgd              | Create a new image from GD file or URL
  * imagecreatefromgd2             | Create a new image from GD2 file or URL
  * imagecreatefromgd2part         | Create a new image from a given part of GD2 file or URL
  * imagecreatefromgif             | Create a new image from file or URL
  * imagecreatefromjpeg            | Create a new image from file or URL
  * imagecreatefromjpeg            | Create a new image from file or URL
  * imagecreatefromstring          | Create a new image from the image stream in the string
  * imagecreatefromwbmp            | Create a new image from file or URL
  * imagecreatefromxbm             | Create a new image from file or URL
  * imagecreatefromxpm             | Create a new image from file or URL
  * imagegd                        | Output GD image to browser or file
  * imagegd2                       | Output GD2 image to browser or file
  * imagegif                       | Output image to browser or file
  * imagejpeg                      | Output image to browser or file
  * imagepng                       | Output a PNG image to either the browser or a file
  * imap_append                    | Append a string message to a specified mailbox
  * imap_createmailbox             | Create a new mailbox
  * imap_delete                    | Mark a message for deletion from current mailbox
  * imap_deletemailbox             | Delete a mailbox
  * imap_mail                      | Send an email message
  * imap_open                      | Open an IMAP stream to a mailbox
  * imap_reopen                    | Reopen IMAP stream to new mailbox
  * imap_set_quota                 | Sets a quota for a given mailbox
  * imap_setacl                    | Sets the ACL for a giving mailbox
  * imap_setflag_full              | Sets flags on messages
  * imap_status                    | This function returns status information on a mailbox other than the current one
  * imap_unsubscribe               | Unsubscribe from a mailbox
  * ingres_connect                 | Open a connection to an Ingres II database
  * ingres_pconnect                | Open a persistent connection to an Ingres II database
  * ircg_invite                    | Invites nickname to channel
  * ircg_join                      | Join a channel on a connected server
  * ircg_msg                       | Send message to channel or user on server
  * ircg_pconnect                  | Connect to an IRC server
  * ldap_connect                   | Connect to an LDAP server
  * ldap_list                      | Single-level search
  * ldap_rename                    | Modify the name of an entry
  * ldap_search                    | Search LDAP tree
  * link                           | Create a hard link
  * mail                           | Send mail
  * mb_send_mail                   |  Send encoded mail
  * mkdir                          | Makes directory
  * move_uploaded_file             | Moves an uploaded file to a new location
  * msession_connect               | Connect to msession server
  * msession_create                | Create a session
  * msession_destroy               | Destroy a session
  * msession_find                  | Find all sessions with name and value
  * msession_get                   | Get value from session
  * msession_get_array             | Get array of msession variables
  * msession_get_data              | Get data session unstructured data
  * msession_lock                  | Lock a session
  * msession_set                   | Set value in session
  * msession_set_array             | Set msession variables from an array
  * msession_set_data              | Set data session unstructured data
  * msession_unlock                | Unlock a session
  * msg_send                       |  Send a message to a message queue
  * msql                           | Alias of msql_db_query()
  * msql_connect                   | Open mSQL connectio
  * msql_create_db                 | Create mSQL database
  * msql_createdb                  | Alias of msql_create_db()
  * msql_db_query                  | Send mSQL query
  * msql_drop_db                   | Drop (delete) mSQL database
  * msql_list_fields               | List result fields
  * msql_list_tables               | List tables in an mSQL database
  * msql_pconnect                  | Open persistent mSQL connection
  * msql_query                     | Send mSQL query
  * msql_select_db                 | Select mSQL database
  * mssql_connect                  | Open MS SQL server connection
  * mssql_pconnect                 | Open persistent MS SQL connection
  * mssql_query                    | Send MS SQL query
  * mssql_select_db                | Select MS SQL database
  * mysql_change_user              | Change logged in user of the active connection
  * mysql_connect                  | Open a connection to a MySQL Server
  * mysql_create_db                | Create a MySQL database
  * mysql_db_query                 | Send a MySQL query
  * mysql_drop_db                  | Drop (delete) a MySQL database
  * mysql_query                    | Send a MySQL query
  * mysql_select_db                | Select a MySQL database
  * mysql_unbuffered_query         | Send an SQL query to MySQL, without fetching and buffering the result rows
  * odbc_connect                   | Connect to a datasource
  * odbc_exec                      | Prepare and execute a SQL statement
  * odbc_pconnect                  | Open a persistent database connection
  * opendir                        | Open directory handle
  * openlog                        | Open connection to system logger
  * ora_do                         | Parse, Exec, Fetch
  * ora_plogon                     | Open a persistent Oracle connection
  * ovrimos_connect                | Connect to the specified database
  * ovrimos_exec                   | Executes an SQL statement
  * parse_ini_file                 | Parse a configuration file
  * parse_str                      | Parses the string into variables
  * parse_url                      | Parse a URL and return its components
  * parsekit_compile_string        | Compile a string of PHP code and return the resulting op array
  * passthru                       | Execute an external program and display raw output
  * pcntl_exec                     | Executes specified program in current process space
  * pfpro_process                  | Process a transaction with Payflow Pro
  * pfpro_process_raw              | Process a raw transaction with Payflow Pro
  * pfsockopen                     | Open persistent Internet or Unix domain socket connection
  * pg_connect                     | Open a PostgreSQL connection
  * pg_insert                      | Insert array into table
  * pg_pconnect                    | Open a persistent PostgreSQL connection
  * pg_query                       | Execute a query
  * pg_select                      | Select records
  * pg_send_query                  | Sends asynchronous query
  * php_check_syntax               | Check the PHP syntax of (and execute) the specified file
  * popen                          | Opens process file pointer
  * print_r                        | Prints human-readable information about a variable
  * printf                         | Output a formatted string
  * proc_open                      | Execute a command and open file pointers for input/output
  * putenv                         | Sets the value of an environment variable
  * readfile                       | Outputs a file
  * readgzfile                     | Output a gz-file
  * readline                       | Reads a line
  * readlink                       | Returns the target of a symbolic link
  * register_shutdown_function     | Register a function for execution on shutdown
  * register_tick_function         | Register a function for execution on each tick
  * rename                         | Renames a file or directory
  * rmdir                          | Removes directory
  * scandir                        | List files and directories inside the specified path
  * session_id                     | Get and/or set the current session id
  * session_register               | Register one or more global variables with the current session
  * session_save_path              | Get and/or set the current session save path
  * set_include_path               | Sets the include_path configuration option
  * set_time_limit                 | Limits the maximum execution time
  * setcookie                      | Send a cookie
  * setlocale                      | Set locale information
  * setrawcookie                   | Send a cookie without urlencoding the cookie value
  * shell_exec                     | Execute command via shell and return the complete output as a string
  * sleep                          | Delay execution
  * socket_connect                 | Initiates a connection on a socket
  * socket_create_listen           | Opens a socket on port to accept connections
  * socket_write                   | Write to a socket
  * stream_context_set_option      | Sets an option for a stream/wrapper/context
  * stream_context_set_params      | Set parameters for a stream/wrapper/context
  * sybase_connect                 | Opens a Sybase server connection
  * sybase_pconnect                | Open persistent Sybase connection
  * sybase_query                   | Sends a Sybase query
  * sybase_select_db               | Selects a Sybase database
  * sybase_unbuffered_query        | Send a Sybase query and do not block
  * symlink                        | Creates a symbolic link
  * syslog                         | Generate a system log message
  * system                         | Execute an external program and display the output
  * touch                          | Sets access and modification time of file
  * trigger_error                  | Generates a user-level error/warning/notice message
  * unlink                         | Deletes a file
  * vprintf                        | Output a formatted string
  * vsprintf                       | Return a formatted string

  PHP5 only:
    * file_put_contents               | Writes a string to a file
    * ibase_service_attach            | Connect to a service manager of an InterBase database
    * ibase_wait_event                | Wait for an event posted by the database. Could launch a denial of service attack
    * mysqli_change_user              | Changes user in mysql database
    * mysqli                          | Open a new connection to the MySQL server
    * mysqli_embedded_connect         | Open a connection to an embedded mysql server
    * mysqli->select_db               | Selects the default database for database queries
    * mysqli->send_query              | Send the query and return
    * oci_connect                     | Establishes a connection to the Oracle server
    * oci_pconnect                    | Connect to an Oracle database using a persistent connection
    * quotemeta                       | Quote meta characters
    * SQLiteDatabase->arrayQuery      | Execute a query against a given database and returns an array
    * SQLiteDatabase->exec            | Executes a result-less query against a given database
    * sqlite_popen                    |  Opens a persistent handle to an SQLite database and create the database if it does not exist
    * SQLiteDatabase->singleQuery     |  Executes a query and returns either an array for one single column or the value of the first row
    * SQLiteDatabase->unbufferedQuery | Execute a query that does not prefetch and buffer all data
    * stream_socket_client            |  Open Internet or Unix domain socket connection
    * time_nanosleep                  |  Delay for a number of seconds and nanoseconds