Skip to content

Latest commit

 

History

History
17 lines (11 loc) · 385 Bytes

TaintedInclude.md

File metadata and controls

17 lines (11 loc) · 385 Bytes

TaintedInclude

Emitted when user-controlled input can be passed into an include or require expression.

Passing untrusted user input to include calls is dangerous, as it can allow an attacker to execute arbitrary scripts on your server.

<?php

$name = $_GET["name"];

includeCode($name);

function includeCode(string $name) : void {
    include($name . '.php');
}