1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-02 17:52:45 +01:00
psalm/docs/running_psalm/issues/TaintedEval.md

18 lines
321 B
Markdown
Raw Normal View History

# TaintedEval
Emitted when user-controlled input can be passed into to an `eval` call.
Passing untrusted user input to `eval` calls is dangerous, as it allows arbitrary data to be executed on your server.
```php
<?php
$name = $_GET["name"];
evalCode($name);
function evalCode(string $name) {
eval($name);
}
```