mirror of
https://github.com/danog/psalm.git
synced 2024-12-05 13:10:49 +01:00
# TaintedCallable

Emitted when tainted (user-controlled) text is used as the callable in a function call.

This can lead to dangerous situations, such as running arbitrary functions.

```php
<?php

// Taint source: the query parameter is fully user-controlled.
$name = $_GET["name"];

evalCode($name);

function evalCode(string $name) {
    if (is_callable($name)) {
        // Taint sink: the string is invoked as a function name.
        $name();
    }
}
```
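
One way to avoid the tainted call, shown as an added example that is not part of the Psalm documentation: the request value is used only as a key into a fixed map of closures and is never invoked itself. The names `allowedActions`, `runAction` and the two sample actions are hypothetical.

```php
<?php

declare(strict_types=1);

/**
 * Hypothetical allowlist of actions a request may trigger.
 * Keys are the public names; values are the only code that can run.
 *
 * @return array<string, Closure(): string>
 */
function allowedActions(): array
{
    return [
        'status'  => static fn(): string => 'ok',
        'version' => static fn(): string => PHP_VERSION,
    ];
}

/**
 * Resolve a user-supplied name against the allowlist and run it.
 * The input is only ever used as an array key, never as a callable.
 */
function runAction(string $name): string
{
    $actions = allowedActions();

    // is_callable() accepts any defined function or "Class::method" string;
    // a strict key lookup accepts only the names listed above.
    if (!array_key_exists($name, $actions)) {
        throw new InvalidArgumentException('Unknown action');
    }

    return $actions[$name]();
}

// Constructed sample inputs standing in for $_GET["name"].
foreach (['status', 'version', 'phpinfo'] as $input) {
    try {
        echo $input, ' => ', runAction($input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $input, ' => rejected', PHP_EOL;
    }
}
```

Here `phpinfo` is rejected even though `is_callable("phpinfo")` is true, which is the check the original snippet relies on.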