[Summary]
  This file describe the sources from which tainted data can be imported.
  An conservative approach is taken. Everything that retrieves data from
  a source outside PHP, such as the file system or a database, is considered
  tainted. Notice that this should be adaptable within the tool.

[Language constructs]
  Predefined variables:
    $_SERVER      $_SESSION
    $_GET         $_REQUEST
    $_POST        $_FILES
    $_COOKIE

[Internal functions]
  Most functions only return tainted data if the parameter given contains tainted data.
    * base64_decode            | Returns decoded string, could contain tainted data
    * base_convert             | Returns decoded string with letters if toBase is high enough
    * basename                 | Returns a part of a filename.
    * bzread                   | Returns a string coming from a bz compressed file handle
    * chr                      | Returns the string-representation of the ASCII-number. Could be dangerous if a lot are concatted
    * convert_cyr_string       | Returns string in cyr-encoding
    * current                  | Returns the current element of an array
    * dba_nextkey              | Returns the next key in a database
    * dns_get_record           | Fetch DNS Resource Records associated with a hostname
    * end                      | Returns last element of an array
    * extract                  | Import variables into the current symbol table from an array
    * fdf_get_attachment       | Extracts an uploaded file from a FDF document
    * fdf_open                 | Opens an FDF document
    * fdf_open_string          | Opens an FDF-file
    * fdf_save_string          | Returns the FDF document as a string
    * fgetc                    | Get one character from a file pointer. Could be dangerous if a lot are concatted
    * fgetcsv                  | Gets line from file pointer and parse for CSV fields
    * fgets                    | Gets line from file pointer
    * fgetss                   | Gets line from file pointer and strip HTML tags
    * file                     | Reads entire file into an array
    * file_get_contents        | Reads entire file into a string
    * fopen                    | Opens a file, binds a resource
    * fread                    | Returns a string of a file read
    * func_get_arg             | Return an item from the argument list
    * func_get_args            | Returns an array comprising a function's argument list
    * get_browser              | Returns info about the browser, using USER_AGENT
    * get_headers              | Fetches all the headers sent by the server in response to a HTTP request 
    * get_meta_tags            | Extracts all meta tag content attributes from a file and returns an array
    * getallheaders            | Fetch all HTTP request headers
    * getenv                   | Gets the value of an environment variable, some come from the user
    * getopt                   | Gets options from the command line argument list
    * gettext                  | Lookup a message in the current domain
    * gzdeflate                | Deflate a string
    * gzfile                   | Read gz-file into an array
    * gzgetss                  | Get a line from a gz-file and strip HTML-tags
    * gzopen                   | Opens a gz-file
    * gzread                   | Reads a gz-file
    * headers_list             | Returns a list of response headers sent (or ready to send)
    * hebrev                   | Convert logical Hebrew text to visual text
    * hebrevc                  | Same as Hebrev, with newline conversion  
    * highlight_string         | Highlights a string 
    * html_entity_decode       | Convert all HTML entities to their applicable characters
    * ibase_blob_import        | Create blob, copy file in it, and close it
    * iconv                    | Convert string to requested character encoding
    * id3_get_tag              | Get all information stored in ID3-tags
    * imap_base64              | Decode BASE64 encoded text
    * imap_bodystruct          |  Read the structure of a specified body section of a specific message
    * imap_fetchbody           |  Fetch a particular section of the body of the message
    * imap_fetchheader         | Returns header for a message
    * imap_fetchstructure      |  Read the structure of a particular message
    * imap_headerinfo          | Read the header of the message
    * imap_headers             |  Returns headers for all messages in a mailbox
    * imap_mime_header_decode  | Decode MIME header elements
    * implode                  | Join array elements with a string
    * imap_utf8                |  Converts MIME-encoded text to UTF-8
    * import_request_variables | Import GET/POST/Cookie variables into the global scope
    * ircg_nickname_unescape   |  Decodes encoded nickname
    * join                     | Alias of implode
    * ldap_get_values          | Get all values from a result entry
    * mb_decode_mimeheader     | Decode string in MIME header field
    * mb_parse_str             |  Parse GET/POST/COOKIE data and set global variable
    * mcrypt_decrypt           | Decrypts crypttext with given parameters
    * mdecrypt_generic         | Decrypt data
    * msession_get             | Get value from session
    * msession_get_array       | Get array of msession variables
    * msession_get_data        | Get data session unstructured data
    * msg_receive              | Receive a message from a message queue
    * ngettext                 | Plural version of gettext
    * ob_get_contents          | Return the contents of the output buffer
    * ob_get_flush             | Flush the output buffer, return it as a string and turn off output buffering
    * parse_ini_file           | Parse a configuration file
    * parse_str                | Parses the string into variables
    * parse_url                | Parse a URL and return its components
    * parsekit_compile_string  | Compile a string of PHP code and return the resulting op array
    * pfpro_process_raw        | Process a raw transaction with Payflow Pro
    * pfsockopen               | Open persistent Internet or Unix domain socket connection
    * pg_copy_to               | Copy a table to an array
    * pg_fetch_all             | Fetches all rows from a result as an array
    * pg_fetch_array           | Fetch a row as an array
    * pg_fetch_assoc           | Fetch a row as an associative array
    * pg_fetch_result          | Returns values from a result resource
    * pg_fetch_row             | Get a row as an enumerated array
    * rawurldecode             | Decode URL-encoded strings
    * readline                 | Reads a line
    * readlink                 | Returns the target of a symbolic link
    * scandir                  | List files and directories inside the specified path
    * shm_get_var              | Returns a variable from shared memory
    * socket_read              | Reads a maximum of length bytes from a socket
    * sprintf                  | Return a formatted string
    * SQLiteUnbuffered->fetchAll           | Fetches all rows from a result set as an array of arrays
    * SQLiteUnbuffered->fetch              | Fetches the next row from a result set as an array
    * SQLiteDatabase->fetchColumnTypes     | Return an array of column types from a particular table
    * SQLiteUnbuffered->fetchObject        | Fetches the next row from a result set as an object
    * SQLiteUnbuffered->fetchSingle        | Fetches the first column of a result set as a string
    * SQLiteDatabase->singleQuery          | Executes a query and returns either an array for one single column or the value of the first row
    * stripcslashes            | Un-quote string quoted with addcslashes()
    * stripslashes             | Un-quote string quoted with addslashes()
    * strval                   | Get string value of a variable
    * sybase_fetch_array       | Fetch row as array
    * sybase_fetch_assoc       | Fetch a result row as an associative array
    * sybase_fetch_assoc       | Fetch a result row as an associative array
    * sybase_fetch_object      | Fetch a row as an object
    * sybase_fetch_row         | Get a result row as an enumerated array
    * sybase_result            | Get result data
    * token_get_all            | Split given source into PHP tokens
    * unpack                   | Unpack data from binary string
    * vsprintf                 | Return a formatted string

  [PHP5 only]
  * convert_uudecode (5)     | Returns an uu-decoded string
  * iconv_mime_decode        | Decodes a MIME-header field
  * iconv_mime_decode_headers| Decodes several MIME-header field
  * php_strip_whitespace         |  Return source with stripped comments and whitespace
  * SQLiteDatabase->arrayQuery   | Execute a query against a given database and returns an array
  * stream_get_contents          | Reads remainder of a stream into a string
  * stream_get_line              | Gets line from stream resource up to a given delimiter


