Warning about eval
I don’t know a lot about this plugin as I’m the server administrator/programmer, but I had to help my co-worker/web developer with it. I block eval on our client servers (a lot of shared hosts do) because of the security risk. On lines 774 and 776 of wpgform-core.php, this plugin uses eval where there is no need for it whatsoever. Unless the plugin author knows of a case I don’t see? Even still, as the creator of PHP stated:
“If eval() is the answer, you’re almost certainly asking the wrong question.”
Line: 774
Change
$x = eval('return sprintf("%s%s%s", $a, $op1, $b);');
To
$x = sprintf("%s%s%s", $a, $op1, $b);

Line: 776
Change
$x = eval('return sprintf("%s%s%s%s%s", $a, $op1, $b, $op2, $c);');
To
$x = sprintf("%s%s%s%s%s", $a, $op1, $b, $op2, $c);
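The post found the two eval calls by reading the file; the following added example (not part of the post or the plugin) is a small audit script that does the same check over PHP source, reporting the line number of every live eval() call while skipping commented-out code and identifiers that merely contain the word "eval". The sample PHP is constructed to mirror the shape of the two quoted lines, not copied from wpgform-core.php.

```python
import re
from typing import List, Tuple

# Match a call to eval(...) as a whole word. The lookbehind keeps
# "retrieval(" and the variable-function form "$eval(" from matching.
EVAL_CALL = re.compile(r'(?<![\w$])eval\s*\(', re.IGNORECASE)


def find_eval_calls(php_source: str) -> List[Tuple[int, str]]:
    """Return (line_number, stripped_line) for each line with a live eval() call.

    Lines that are entirely a // or # comment are skipped, and /* ... */
    block comments are tracked across lines so commented-out code is not
    reported. Inline trailing comments are deliberately not parsed.
    """
    hits: List[Tuple[int, str]] = []
    in_block_comment = False
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        stripped = line.strip()
        if in_block_comment:
            if '*/' in stripped:
                in_block_comment = False
            continue
        if stripped.startswith('/*'):
            if '*/' not in stripped:
                in_block_comment = True
            continue
        if stripped.startswith(('//', '#')):
            continue
        if EVAL_CALL.search(line):
            hits.append((lineno, stripped))
    return hits


# Constructed sample shaped like the two lines quoted in the post (assumed
# content, not the plugin's real file). Only lines 3 and 5 should be flagged.
SAMPLE_PHP = """<?php
// $x = eval('return 1;');  commented out, must not be flagged
$x = eval('return sprintf("%s%s%s", $a, $op1, $b);');
$y = sprintf("%s%s%s", $a, $op1, $b);
$x = eval('return sprintf("%s%s%s%s%s", $a, $op1, $b, $op2, $c);');
$z = retrieval($x);
"""

if __name__ == "__main__":
    for lineno, text in find_eval_calls(SAMPLE_PHP):
        print(f"line {lineno}: {text}")
```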