1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-05 13:10:49 +01:00
psalm/docs/running_psalm/issues/TaintedInclude.md

18 lines
388 B
Markdown
Raw Normal View History

# TaintedInclude
Emitted when user-controlled input can be passed into to an `include` or `require` expression.
Passing untrusted user input to `include` calls is dangerous, as it can allow an attacker to execute arbitrary scripts on your server.
```php
<?php
$name = $_GET["name"];
includeCode($name);
function includeCode(string $name) : void {
include($name . '.php');
}
```