Possible RFI detected

Asked by At

I'm currently cleaning up my code with PHPCS Security Audit, for the file I'm currently working on PHPCS outputs the following errors:

10 | ERROR   | No file extension has been found in a include/require function. This implies that some PHP code is not scanned by PHPCS.
10 | WARNING | Possible RFI detected with __DIR__ on require_once
10 | WARNING | Possible RFI detected with inc on require_once

I've spent the last few hours on Google and the PHP manual trying to figure this out without any solution, if anyone could help me I'd much appreciate it, thank you.



define('tpl', 'template');
define('inc', 'include');

require_once(__DIR__ . '/' . inc . '/' . 'template.php');

$tpl = new Template\template(__DIR__ . '/' . tpl . '/' . 'html.tpl');

1 Answers

Akintunde-Rotimi On

RFI stands for remote file inclusion.

This attack occurs when the path to a file or parts of the path is obtained via a URL or any means that can be manipulated by the user.

From your code, I don't see any possible means to inject malicious files.