mirror of
https://github.com/danog/psalm.git
synced 2024-12-02 17:52:45 +01:00
18 lines
388 B
Markdown
18 lines
388 B
Markdown
# TaintedInclude
|
|
|
|
Emitted when user-controlled input can be passed into to an `include` or `require` expression.
|
|
|
|
Passing untrusted user input to `include` calls is dangerous, as it can allow an attacker to execute arbitrary scripts on your server.
|
|
|
|
```php
|
|
<?php
|
|
|
|
$name = $_GET["name"];
|
|
|
|
includeCode($name);
|
|
|
|
function includeCode(string $name) : void {
|
|
include($name . '.php');
|
|
}
|
|
```
|