1
0
mirror of https://github.com/danog/psalm.git synced 2024-12-11 16:59:45 +01:00
psalm/docs/running_psalm/issues/TaintedEval.md
2021-01-29 11:46:13 +01:00

321 B

TaintedEval

Emitted when user-controlled input can be passed into to an eval call.

Passing untrusted user input to eval calls is dangerous, as it allows arbitrary data to be executed on your server.

<?php

$name = $_GET["name"];

evalCode($name);

function evalCode(string $name) {
    eval($name);
}