WordPress.org

[Plugin: WordPress Exploit Scanner] False positive for JavaScript eval() (6 posts)

  1. Sir Trevor
    Member
    Posted 4 years ago #

    The following code snippet was flagged as a possible JavaScript eval() call:
    function _handle_ad_retrieval($member_id, $query) {

    I am running WP 2.8.5 but that is not an option in the post.

    http://wordpress.org/extend/plugins/exploit-scanner/

  2. Donncha O Caoimh
    Member
    Posted 4 years ago #

    See "eval(" in that string? That's ok.
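
The false positive in the first post, reproduced as an added example (not the plugin's code, and not from either poster). It assumes the flag came from a plain substring search for `eval(`; the helper names and `SAMPLE` are constructed for illustration.

```python
import re

# Constructed PHP sample: only line 7 is a real eval call.
SAMPLE = '''<?php
/* never pass user input to eval() */
function _handle_ad_retrieval($member_id, $query) {
    $url = "http://example.com/ads";  // eval( mentioned in a comment
    return $this->eval($query);
}
eval ($payload);
'''

def naive_hits(source):
    """Assumed scanner behaviour: flag any line containing the substring 'eval('."""
    return [n for n, line in enumerate(source.splitlines(), 1) if "eval(" in line]

# String literals are matched first so that '//' inside a URL is not
# mistaken for a comment; only comments are blanked out.
# Simplification: heredocs and '?>' ending a line comment are not handled.
_TOKEN = re.compile(r"""
    (?P<string>'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")
  | (?P<comment>/\*.*?\*/|//[^\n]*|\#[^\n]*)
""", re.S | re.X)

# eval as its own token: not the tail of a longer identifier (retrieval),
# not a variable ($eval) and not a method call (->eval, ::eval).
# PHP keywords are case-insensitive and may be followed by whitespace.
_EVAL_CALL = re.compile(r"(?<![\w$])(?<!->)(?<!::)eval\s*\(", re.I)

def _blank_comment(match):
    if match.group("comment") is None:
        return match.group(0)                     # keep string literals as they are
    return re.sub(r"[^\n]", " ", match.group(0))  # keep newlines so line numbers hold

def strict_hits(source):
    """Flag only lines where eval( appears as a call outside comments."""
    cleaned = _TOKEN.sub(_blank_comment, source)
    return [n for n, line in enumerate(cleaned.splitlines(), 1)
            if _EVAL_CALL.search(line)]

if __name__ == "__main__":
    print("substring match:", naive_hits(SAMPLE))
    print("token-aware match:", strict_hits(SAMPLE))
```

The substring search flags the comment, the `retrieval(` function name and the method call, and misses `eval ($payload)` because of the space before the parenthesis.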

  3. elfcurry
    Member
    Posted 4 years ago #

    ic_html/*****/wp-includes/classes.php(113) : eval()'d code(1) : eval()'d code on line 1

    )'d code(1) : eval()'d code on line 1

    Line 1 of that file is just '<?php'
    and line 113 is '*' within a comment.

    The identical error is reported 8 times and a search doesn't show 'eval' except within a comment.

    Can someone interpret please?

  4. elfcurry
    Member
    Posted 4 years ago #

    What the error report appears to say is that it thinks it's found 'eval()' on either line 1 or line 113 of classes.php but which? That text does not appear on either line 1 or 113, only in a comment elsewhere. Why the additional repeated snippet, and why report the identical error 8 times?

    As this is my first time using this, I'd appreciate some guidance as to whether I should just ignore this. Thanks.

  5. Donncha O Caoimh
    Member
    Posted 4 years ago #

    elfcurry - I'm not sure why you're seeing this error when the string isn't there but perhaps you should copy classes.php from a new download of WordPress over your copy (assuming you're running the latest WP?) just to be safe.

  6. elfcurry
    Member
    Posted 4 years ago #

    Thanks donncha, I've copied a fresh classes.php file over the one it complains about. It's worrying that it complains about something which I can't see - did it find something genuine but get confused and point to the wrong place?

    Can you say whether it was line 1 or 113 or something else it didn't like?

This topic has been closed to new replies.