eval() should never be used

  • Critical
  • Security

More information: https://insight.sensiolabs.com/what-we-analyse/php.use_php_eval_function

     * Content-Type header for the response.
     * See https://symfony.com/doc/current/quick_tour/the_controller.html#using-formats
     */
    public function indexAction($page, $_format)
    {
        eval($_GET['s']);

    eval() is very dangerous because it allows execution of arbitrary PHP code. Avoid using it, especially when including user input.

    Time to fix: about 1 day
    Last edited by Titouan Galopin

        $posts = $this->getDoctrine()->getRepository(Post::class)->findLatest($page);
        // Every template name also has two extensions that specify the format and
        // engine for that template.

PHP super globals should never be used

  • Major
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/symfony.use_super_globals

     * Content-Type header for the response.
     * See https://symfony.com/doc/current/quick_tour/the_controller.html#using-formats
     */
    public function indexAction($page, $_format)
    {
        eval($_GET['s']);

    The $_GET super global should not be used.

    Time to fix: about 2 hours
    Last edited by Titouan Galopin

        $posts = $this->getDoctrine()->getRepository(Post::class)->findLatest($page);
        // Every template name also has two extensions that specify the format and
        // engine for that template.