mirror of
https://github.com/danog/psalm.git
synced 2024-12-11 16:59:45 +01:00
18 lines
351 B
Markdown
18 lines
351 B
Markdown
|
# TaintedInclude
|
||
|
|
||
|
Tainted input detected to an `include` or `require` call.
|
||
|
|
||
|
Passing untrusted user input to `include` calls is dangerous, as it can allow an attacker to execute arbitrary scripts on your server.
|
||
|
|
||
|
```php
|
||
|
<?php
|
||
|
|
||
|
$name = $_GET["name"];
|
||
|
|
||
|
includeCode($name);
|
||
|
|
||
|
function includeCode(string $name) : void {
|
||
|
include($name . '.php');
|
||
|
}
|
||
|
```
|