mirror of https://github.com/danog/psalm.git synced 2024-12-02 17:52:45 +01:00
psalm/docs/running_psalm/issues/TaintedInclude.md


TaintedInclude

Emitted when tainted input is passed to an `include` or `require` call.

Passing untrusted user input to include calls is dangerous, as it can allow an attacker to execute arbitrary scripts on your server.

```php
<?php

$name = $_GET["name"];

includeCode($name);

function includeCode(string $name) : void {
    include($name . '.php');
}
```
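
A hardened form of the snippet above, added here as an illustration and not taken from the Psalm documentation: the request value is used only as a lookup key, and the path given to `include` comes from a fixed map. The page names, the `pages` directory and the `resolveInclude` helper are assumptions made for the example.

```php
<?php

declare(strict_types=1);

/**
 * Constructed allowlist: request value => file in the application's own
 * pages directory. Keys and file names are assumptions for this example.
 */
const INCLUDABLE_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Returns the path to include for a request value, or null when the value
 * is not on the allowlist (hypothetical helper, not part of Psalm).
 */
function resolveInclude(string $name, string $baseDir): ?string
{
    // Only exact key matches are accepted, so directory separators,
    // stream wrappers and NUL bytes in $name never become part of a path.
    if (!array_key_exists($name, INCLUDABLE_PAGES)) {
        return null;
    }

    return rtrim($baseDir, '/') . '/' . INCLUDABLE_PAGES[$name];
}

function includeCode(string $name): void
{
    $path = resolveInclude($name, __DIR__ . '/pages');

    if ($path === null || !is_file($path)) {
        http_response_code(404);
        return;
    }

    // $path is assembled from constants; $name only selected the entry.
    include $path;
}

// $_GET values can be arrays (?name[]=x), so anything non-string is rejected.
$name = $_GET['name'] ?? 'home';
includeCode(is_string($name) ? $name : '');
```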