mirror of
https://github.com/danog/psalm.git
synced 2024-12-05 21:19:03 +01:00
74749d20cc
Ref #4590
18 lines
321 B
Markdown
18 lines
321 B
Markdown
# TaintedEval
|
|
|
|
Emitted when user-controlled input can be passed into to an `eval` call.
|
|
|
|
Passing untrusted user input to `eval` calls is dangerous, as it allows arbitrary data to be executed on your server.
|
|
|
|
```php
|
|
<?php
|
|
|
|
$name = $_GET["name"];
|
|
|
|
evalCode($name);
|
|
|
|
function evalCode(string $name) {
|
|
eval($name);
|
|
}
|
|
```
|