mirror of
https://github.com/danog/psalm.git
synced 2024-12-03 10:07:52 +01:00
18 lines
351 B
Markdown
18 lines
351 B
Markdown
# TaintedInclude
|
|
|
|
Tainted input detected to an `include` or `require` call.
|
|
|
|
Passing untrusted user input to `include` calls is dangerous, as it can allow an attacker to execute arbitrary scripts on your server.
|
|
|
|
```php
|
|
<?php
|
|
|
|
$name = $_GET["name"];
|
|
|
|
includeCode($name);
|
|
|
|
function includeCode(string $name) : void {
|
|
include($name . '.php');
|
|
}
|
|
```
|