While scanning the Drupal code I received this message "This call contains an argument injection flaw. The argument to the function is constructed using user-supplied input without properly delimiting or sanitizing it." It refers to:
$default_line_endings = TRUE;
ini_set('auto_detect_line_endings', (bool) $default_line_endings);
I'm using it inline in a Drupal module. Any ideas what to do to avoid this? I need that variable to be used like that.
This is a security warning since your ini configuration depends on a variable.
While it doesn't seem like the variable's value actually depends on a user's input, consider to try the following:
$default_line_endings = TRUE;
...
...
if(!$default_line_endings)
ini_set('auto_detect_line_endings', false);
else
ini_set('auto_detect_line_endings', true);