mirror of https://github.com/danog/psalm.git synced 2024-12-13 09:47:29 +01:00
psalm/docs/running_psalm/issues/TaintedCallable.md

# TaintedCallable
Emitted when tainted text is used in an arbitrary function call.
This can lead to dangerous situations, like running arbitrary functions.
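```php
<?php

// Taint source: request parameter controlled by the client.
$name = $_GET["name"];

evalCode($name);

function evalCode(string $name) {
    // is_callable() only checks that the name resolves to something callable;
    // it does not restrict which function that is.
    if (is_callable($name)) {
        // Taint sink: the tainted string is invoked as a function.
        $name();
    }
}
```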
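
One way to remove the tainted call is to resolve the request value through a fixed allowlist, so the user-supplied string is only ever an array key and never the callable itself. This is an added example, not part of the Psalm documentation; `showProfile`, `showSettings` and `dispatch` are hypothetical names, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical handlers for this example.
function showProfile(): string
{
    return "profile page";
}

function showSettings(): string
{
    return "settings page";
}

/**
 * Map a request-supplied action name to a handler chosen by the developer.
 * Returns null when the name is not on the allowlist.
 */
function dispatch(string $name): ?string
{
    // Allowlist: public action name => handler function.
    $handlers = [
        'profile'  => 'showProfile',
        'settings' => 'showSettings',
    ];

    // Strict key lookup; anything not listed is rejected, even if a
    // function with that name exists and is_callable() would accept it.
    if (!array_key_exists($name, $handlers)) {
        return null;
    }

    // The callable comes from the literal array above, not from the request.
    return $handlers[$name]();
}

// Constructed inputs standing in for $_GET["name"].
foreach (['profile', 'settings', 'phpinfo', 'no_such_action'] as $input) {
    $result = dispatch($input);
    echo $input, ' => ', $result ?? 'rejected', PHP_EOL;
}
```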