rspec/rules/S1613/php/rule.adoc

== Why is this an issue?

Included variables may have been set by user input could contain unexpected, and potentially dangerous values. 


=== Noncompliant code example

[source,php]
----
include $foo;
require $foo;
include $foo . '/config.php';
require $foo . '/config.php';
include "$foo/config.php";
require "$foo/config.php";
include($foo);
require($foo);
include($foo . '/config.php');
require($foo . '/config.php');
include("$foo/config.php");
require("$foo/config.php");

include "./$page.php";
----


=== Compliant solution

[source,php]
----
include "./$page.php";
----
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00			`Included variables may have been set by user input could contain unexpected, and potentially dangerous values.`


migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,php]`
RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00			`----`
			`include $foo;`
			`require $foo;`
			`include $foo . '/config.php';`
			`require $foo . '/config.php';`
			`include "$foo/config.php";`
			`require "$foo/config.php";`
			`include($foo);`
			`require($foo);`
			`include($foo . '/config.php');`
			`require($foo . '/config.php');`
			`include("$foo/config.php");`
			`require("$foo/config.php");`

			`include "./$page.php";`
			`----`


migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,php]`
RULEAPI-617: Add Jira closed RSPECs in Github repository 2021-06-08 14:23:48 +02:00			`----`
			`include "./$page.php";`
			`----`