diff --git a/core/core_engine/php/parser.py b/core/core_engine/php/parser.py index b16cbf70..3fcc0460 100644 --- a/core/core_engine/php/parser.py +++ b/core/core_engine/php/parser.py @@ -926,6 +926,14 @@ def parameters_back(param, nodes, function_params=None, lineno=0, if param_name in param_expr: logger.debug("[AST] param {} in list {}, continue...".format(param_name, param_expr)) + # 如果列表中直接就有可控变量,先算作漏洞 + for p in param_expr: + is_co, cp = is_controllable(p) + + if is_co == 1: + param = p + return is_co, cp, expr_lineno + is_co = 3 cp = param diff --git a/core/engine.py b/core/engine.py index 8640826b..aa01061e 100644 --- a/core/engine.py +++ b/core/engine.py @@ -178,7 +178,6 @@ def store(result): logger.debug('[SCAN] [STORE] Not found vulnerabilities on this rule!') async def start_scan(target_directory, rule, files, language, tamper_name): - result = scan_single(target_directory, rule, files, language, tamper_name, is_unconfirm, newcore_function_list) store(result) @@ -444,6 +443,7 @@ def origin_results(self): if match: f = FileParseAll(self.files, self.target_directory, language=self.lan) result = f.grep(match) + else: result = None except Exception as e:
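Review bot: In the `parameters_back` hunk of core/core_engine/php/parser.py, `param = p` directly before `return is_co, cp, expr_lineno` is a dead store: `param` is a local name and is not part of the returned tuple, so the line can be dropped (or, if the matched element was meant to be reported, it has to be returned). The added loop also returns as soon as any element of `param_expr` makes `is_controllable` yield 1, skipping the rest of the function, and the comment itself describes this as a provisional "count it as a vulnerability for now" rule. A `logger.debug("[AST] controllable element {} in list {}, return".format(p, param_expr))` before the return would let someone triaging a finding see that it came from this shortcut and not from the normal backtracking. The body of `parameters_back` starts and ends outside the hunk, so how callers treat this early result cannot be checked from here.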