PHP eval used in W3 Total Cache plugin
-
I’m reposting this because I feel that this is a very real problem which is being subtly avoided by the plugin developer.
There are other related posts here and
hereI am concerned at the use of “eval” in your plugin code. I have taken a look and it all cases it looks to be down to laziness or perhaps lack of knowledge of a better solution. There are countless security articles online about the bad points of php eval and there are always better solutions. There really is no reason to be using eval and on such a widely used plugin it is a massive undermining of security for the large userbase who have installed this plugin.
Can you justify your use of it?
Thanks
Phil
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘PHP eval used in W3 Total Cache plugin’ is closed to new replies.
