From 7f05b3c530c1b04e0314ccbc9f7fe23b27fdcba2 Mon Sep 17 00:00:00 2001
From: Brown
Date: Mon, 22 Jun 2020 17:16:06 -0400
Subject: [PATCH] Add $_REQUEST as a taint source Ref #3636
---
 .../Statements/Expression/Fetch/VariableFetchAnalyzer.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/Psalm/Internal/Analyzer/Statements/Expression/Fetch/VariableFetchAnalyzer.php b/src/Psalm/Internal/Analyzer/Statements/Expression/Fetch/VariableFetchAnalyzer.php
index 479c03368..520887428 100644
--- a/src/Psalm/Internal/Analyzer/Statements/Expression/Fetch/VariableFetchAnalyzer.php
+++ b/src/Psalm/Internal/Analyzer/Statements/Expression/Fetch/VariableFetchAnalyzer.php
@@ -361,7 +361,11 @@ class VariableFetchAnalyzer
 $codebase = $statements_analyzer->getCodebase();
 if ($codebase->taint && $codebase->config->trackTaintsInPath($statements_analyzer->getFilePath())) {
- if ($var_name === '$_GET' || $var_name === '$_POST' || $var_name === '$_COOKIE') {
+ if ($var_name === '$_GET'
+ || $var_name === '$_POST'
+ || $var_name === '$_COOKIE'
+ || $var_name === '$_REQUEST'
+ ) {
 $taint_location = new CodeLocation($statements_analyzer->getSource(), $stmt);
 $server_taint_source = new Source(
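Review bot: The superglobal list in this condition still omits `$_FILES` and `$_SERVER`, so client-supplied upload names and request headers read through them would not be marked as taint sources by this branch, unless they are handled somewhere outside the hunk. `$_FILES` could join the chain as `|| $var_name === '$_FILES'`. `$_SERVER` probably needs per-key treatment, because only some entries (the `HTTP_*` headers, `REQUEST_URI`, `QUERY_STRING`) are client-controlled and tainting the whole array would add false positives. The diffstat shows a single file changed, so no taint test accompanies the new `$_REQUEST` source; a case asserting that output of `$_REQUEST['x']` is reported would pin the behaviour. The enclosing method starts and ends outside the hunk.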