mirror of
https://github.com/danog/psalm.git
synced 2024-12-12 09:19:40 +01:00
db566c7c4d
Ref #4590
388 B
388 B
TaintedInclude
Emitted when user-controlled input can be passed into to an include
or require
expression.
Passing untrusted user input to include
calls is dangerous, as it can allow an attacker to execute arbitrary scripts on your server.
<?php
$name = $_GET["name"];
includeCode($name);
function includeCode(string $name) : void {
include($name . '.php');
}