WordPress.org

Ready to get started?Download WordPress

Forums

Theme-Check
[resolved] Invaild warning: found / .exec() (3 posts)

  1. Hugo
    Member
    Posted 2 years ago #

    Recent testing of a new community theme for BuddyPress has produced this warning:
    WARNING: Found /.exec in the file functions.php. PHP sytem calls should be disabled by server admins anyway!

    The line in question is actually a block of JavaScript located in functions.php and the exec() that triggered the ? false/positive result is actually a regex pattern checking function and not the PHP execute function.

    The line in functions.php reads:

    var digits = /(.*?)rgb((\d+), (\d+), (\d+))/.exec(color);

    Is it possible to confirm this as an erroneous result?

  2. Samuel Wood (Otto)
    Tech Ninja
    Plugin Author

    Posted 2 years ago #

    The line in question may be safe JS, but theme-check isn't advanced enough to know that, because it's not executing the code, it's scanning it.

    You may need to move the javascript into a separate file with a .js extension in order to eliminate it from that particular check (which is only checking .php files).

  3. Hugo
    Member
    Posted 2 years ago #

    Thanks for the response Otto, yes naturally it's simply a scan and unable to differentiate between php/js. We'll look at whether it's possible to move the code block.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic