mirror of
https://github.com/danog/psalm.git
synced 2024-12-12 09:19:40 +01:00
18 lines
290 B
Markdown
18 lines
290 B
Markdown
|
# TaintedEval
|
||
|
|
||
|
Tainted input detected to an `eval` call.
|
||
|
|
||
|
Passing untrusted user input to `eval` calls is dangerous, as it allows arbitrary data to be executed on your server.
|
||
|
|
||
|
```php
|
||
|
<?php
|
||
|
|
||
|
$name = $_GET["name"];
|
||
|
|
||
|
evalCode($name);
|
||
|
|
||
|
function evalCode(string $name) {
|
||
|
eval($name);
|
||
|
}
|
||
|
```
|