Remove PHP eval()
Hi,
I recently installed WordPress 2.7.1 and, when going to wp-admin/edit.php, came across an error because eval is disabled by Suhosin on the server which I am using.
I did a search through the WP source code and found 2 occurrences of eval in the code (plus a few in the pclzip library).
I couldn’t spot anything that said why the eval was used, so I’ve created two patches:
wp-includes/classes.php
219,233c219 < < preg_match_all('/\$(.*?)\[(.*?)\]/',$query,$subs); < $find=array(); < $replace=array(); < < foreach($subs[0] as $key=>$value) < { < $tmp=$subs[1][$key]; < $tmp=$$tmp; < $tmp=$tmp[$subs[2][$key]]; < $find[]=$subs[0][$key]; < $replace[]=$tmp; < } < < $query=str_replace($find,$replace,$query); --- > eval("@\$query = \"" . addslashes($query) . "\";");
wp-includes/rewrite.php
299,313c299 < < preg_match_all('/\$(.*?)\[(.*?)\]/',$query,$subs); < $find=array(); < $replace=array(); < < foreach($subs[0] as $key=>$value) < { < $tmp=$subs[1][$key]; < $tmp=$$tmp; < $tmp=$tmp[$subs[2][$key]]; < $find[]=$subs[0][$key]; < $replace[]=$tmp; < } < < $query=str_replace($find,$replace,$query); --- > eval("\$query = \"" . addslashes($query) . "\";");
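Review bot: in the wp-includes/classes.php hunk, `$tmp=$$tmp;` reads a variable whose name is taken from the text of `$query`, and the pattern `/\$(.*?)\[(.*?)\]/` accepts any characters for both the name and the index, so whichever variable in scope matches the captured name has its element copied into the query. Restrict the pattern to the one array and the numeric indices the query is expected to reference, and check isset() before reading the element; the `@` on the eval() line being replaced suppressed errors, and the new loop has no equivalent for an undefined variable or missing index.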
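Review bot: the wp-includes/rewrite.php hunk repeats the same fifteen lines as the classes.php hunk verbatim; move the substitution into one shared function called from both places so a later fix cannot land in only one copy. Both hunks are also in normal diff format with the new loop on the `<` side and the eval() line on the `>` side, so the patch is reversed as posted; regenerate it as a unified diff from original to modified (diff -u old new) so it applies without -R.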
These work for me, but whether they will work for everyone I don’t know, and I expect there is a much tidier way to fix it.
~Rowan
- The topic ‘Remove PHP eval()’ is closed to new replies.