== Why is this an issue?

Included variables may have been set by user input could contain unexpected, and potentially dangerous values. 


=== Noncompliant code example

[source,php]
----
include $foo;
require $foo;
include $foo . '/config.php';
require $foo . '/config.php';
include "$foo/config.php";
require "$foo/config.php";
include($foo);
require($foo);
include($foo . '/config.php');
require($foo . '/config.php');
include("$foo/config.php");
require("$foo/config.php");

include "./$page.php";
----


=== Compliant solution

[source,php]
----
include "./$page.php";
----