mirror of
https://github.com/danog/psalm.git
synced 2024-12-02 17:52:45 +01:00
18 lines
290 B
Markdown
18 lines
290 B
Markdown
|
# TaintedEval
|
||
|
|
|
||
|
|
Tainted input detected to an `eval` call.
|
||
|
|
|
||
|
|
Passing untrusted user input to `eval` calls is dangerous, as it allows arbitrary data to be executed on your server.
|
||
|
|
|
||
|
|
```php
|
||
|
|
<?php
|
||
|
|
|
||
|
|
$name = $_GET["name"];
|
||
|
|
|
||
|
|
evalCode($name);
|
||
|
|
|
||
|
|
function evalCode(string $name) {
|
||
|
|
eval($name);
|
||
|
|
}
|
||
|
|
```
|