• Resolved SiteBolts

    (@sitebolts)


    Hi there, I noticed that there are two files in your plugin that seem to contain an unnecessary eval statement.

    The files in question are /importExtensions/ImportHelpers.php and /importExtensions/CoreFieldsImport.php

    And the matching code for both of them is:

    @eval("return " . $matched_element . ";" );

    I’m a bit confused about the way that line is written; it seems like it could just be replaced with a normal string concatenator and/or return statement without carrying any of the risks or performance hits of a dynamic eval statement.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author smackcoders

    (@smackcoders)

    Thank you for bringing this to our attention. We appreciate your feedback. We’ll carefully review the mentioned files and the eval statements you highlighted. We will check this with our technical team and update you within a couple of days. We always aim to enhance our code for better readability, performance, and security. If you have any further suggestions or specific recommendations, please feel free to share them. Your input is valuable to us as we continually strive to improve our plugin.

    Plugin Author smackcoders

    (@smackcoders)

    We’ve thoroughly reviewed the files and the eval statements in question. After careful consideration, we’ve optimized the code to eliminate unnecessary eval functions and have added additional sanitization for improved performance and security. We’re pleased to inform you that these enhancements are included in our latest version 7.10.11. Upgrade the plugin and give it a try. We appreciate your vigilance and thank you for contributing to the ongoing improvement of our plugin. If you have any more insights or suggestions, please feel free to share them. Your feedback is invaluable to us.

  • The topic ‘Unnecessary eval statements’ is closed to new replies.
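
The kind of check the first post describes, locating eval statements in a plugin's PHP files, as an added example that is not part of the thread or the plugin's own code. The helper name find_eval_calls() is hypothetical and the sample source is constructed; only its fourth line is the statement quoted in the post.

```php
<?php
// Added example (not the plugin's code). find_eval_calls() is a hypothetical helper.
// It uses PHP's tokenizer, so "eval" inside comments or string literals is ignored.
function find_eval_calls(string $source): array
{
    $tokens = token_get_all($source);
    $count = count($tokens);
    $hits = [];
    for ($i = 0; $i < $count; $i++) {
        if (!is_array($tokens[$i]) || $tokens[$i][0] !== T_EVAL) {
            continue;
        }
        // Look back past whitespace for the @ error-suppression operator.
        $j = $i - 1;
        while ($j >= 0 && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) {
            $j--;
        }
        $suppressed = $j >= 0 && $tokens[$j] === '@';
        // A variable anywhere inside eval( ... ) means the evaluated code is
        // assembled at run time, which is the pattern that needs review.
        $depth = 0;
        $dynamic = false;
        for ($k = $i + 1; $k < $count; $k++) {
            $t = $tokens[$k];
            if ($t === '(') {
                $depth++;
            } elseif ($t === ')') {
                if (--$depth === 0) {
                    break;
                }
            } elseif (is_array($t) && $t[0] === T_VARIABLE) {
                $dynamic = true;
            }
        }
        $hits[] = ['line' => $tokens[$i][2], 'suppressed' => $suppressed, 'dynamic' => $dynamic];
    }
    return $hits;
}

// Constructed sample input; line 4 is the statement quoted in the first post.
$sample = <<<'SRC'
<?php
// eval() mentioned in a comment only
$note = "eval(1) inside a string literal";
$value = @eval("return " . $matched_element . ";" );
$static = eval('return 1 + 1;');
SRC;
foreach (find_eval_calls($sample) as $h) {
    printf("line %d: suppressed=%s dynamic=%s\n", $h['line'], var_export($h['suppressed'], true), var_export($h['dynamic'], true));
}
```

Hits that are both @-suppressed and dynamic deserve the closest review, since errors from the evaluated code are hidden and its text is built from a variable.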