WordPress.org

Ready to get started?Download WordPress

Forums

OpenHook
[resolved] Open Hook eval()'d code on line 7 (5 posts)

  1. Bilal Ahmad
    Member
    Posted 1 year ago #

    I am using Sucuri.net to monitor my blog. I received a security warning message that site error detected in "Open Hook" Plugin. It is pointing me to the following code.

    eval()'d code</b> on line <b>7</b>

    This code is in the line 236 of plugins/thesis-openhook/index.php

    I have very limited knowledge about coding. Kindly guide me how to resolve this issue.

    Thank You

    http://wordpress.org/extend/plugins/thesis-openhook/

  2. BrazenlyGeek
    Member
    Plugin Author

    Posted 1 year ago #

    Is there an actual error on your site, or is Securi just complaining that OpenHook evaluates code?

    If everything is working on your site, I'd ignore the Securi warning. It's well known that OpenHook evaluates user-input PHP code, and yes, that is a huge security risk, but it's no more insecure than allowing users to edit files (which WordPress does allow) or editing files via FTP.

  3. Bilal Ahmad
    Member
    Posted 1 year ago #

    Thank You BrazenlyGeek for your replay.

    Actually the problem was not in Open Hook Plugin but there was a short code for a plugin and that plugin was disable.

    After removing the shortcode from Open Hook, the Sucuri.net warning message disappeared.

    Once again thank you for your replay.

  4. BrazenlyGeek
    Member
    Plugin Author

    Posted 1 year ago #

    Glad to hear you got this sorted, Bilal! I've been researching a couple different methods of capturing OpenHook's output and bailing out on any particular hook that throws an error due to supplied code, but I've not come across any that seem like they'd work in this setup, which is unfortunate.

  5. BrazenlyGeek
    Member
    Plugin Author

    Posted 1 year ago #

    Marking this as resolved.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic