From f55fab662fe49ba7deae7630f605b04ddd64e012 Mon Sep 17 00:00:00 2001
From: Tiffany Taylor
Date: Sat, 22 Apr 2023 22:16:23 -0600
Subject: [PATCH] Add failing test for checking a string assignment from $_GET
---
ext/standard/tests/strings/literals/015.phpt | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 ext/standard/tests/strings/literals/015.phpt
diff --git a/ext/standard/tests/strings/literals/015.phpt b/ext/standard/tests/strings/literals/015.phpt
new file mode 100644
index 0000000000000..2ce8456cea514
--- /dev/null
+++ b/ext/standard/tests/strings/literals/015.phpt
@@ -0,0 +1,13 @@
+--TEST--
+String assignment from $_GET in eval()
+--XFAIL--
+Any string from $_GET should not return true on an is_literal() check
+--FILE--
+$_GET['evil'] = 'hi';
+eval('$foo = "'.$_GET['evil'].'";');
+
+var_dump($foo);
+var_dump(is_literal($foo));
+--EXPECT--
+string(2) "hi"
+bool(false)
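Review bot: The `--FILE--` section has no `<?php` opening tag. The hunk header counts 13 added lines and all 13 are visible, so the tag is not merely cut off. As written the assignment, the eval() and both var_dump() calls would be emitted as plain text rather than executed, so the test can never reach is_literal() and the expected failure would be for the wrong reason. Add `<?php` as the first line after `--FILE--`. A short comment would also document the security intent, e.g. `// eval() turns request data into a compiled string constant; is_literal() must still report false for it`. The case only covers the double-quoted form, so a single-quoted variant would be a useful companion test.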