• Resolved punchdesign

    (@punchdesign)


    One of our security plugins has identified a potential risk…

    $result = eval( $code );

    The function eval called at line 361 column 12, which should be avoided whenever possible.

    … is this a false positive?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Shea Bunge

    (@bungeshea)

    It’s a potential security risk because it’s a way of executing PHP code on the server. If the PHP code is malicious, there can be very damaging results.

    However, the key word here is ‘potential’. Only snippets which are added to the site and marked as active will be executed. Just like if you edit or upload a plugin, there are risks when adding code to your site, and it is the responsibility of the site owner to ensure that only safe code is added and used.

    Hopefully this explains things. Let me know if you have any questions.

    Thread Starter punchdesign

    (@punchdesign)

    That’s useful, thank you Shea.
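
An added example (not part of the thread, and not the plugin's or the scanner's own code): a PHP tokenizer pass that reproduces this kind of finding and separates `eval()` of a fixed string from `eval()` of a runtime value, as in the flagged `eval( $code )` line. The function name `find_eval_calls` and the sample source are constructed for illustration.

```php
<?php
// Added example: list eval() call sites and flag those whose argument is
// not a single fixed string. Uses PHP's built-in tokenizer, so the word
// "eval" inside a string or comment is not reported.
function find_eval_calls(string $source): array
{
    $tokens   = token_get_all($source);
    $findings = [];
    $count    = count($tokens);
    for ($i = 0; $i < $count; $i++) {
        if (!is_array($tokens[$i]) || $tokens[$i][0] !== T_EVAL) {
            continue;
        }
        $depth = 0;
        $args  = [];
        // Collect the non-whitespace tokens between eval's parentheses.
        for ($j = $i + 1; $j < $count; $j++) {
            $tok = $tokens[$j];
            if ($tok === '(') {
                if ($depth++ === 0) { continue; }
            } elseif ($tok === ')') {
                if (--$depth === 0) { break; }
            }
            if ($depth > 0 && !(is_array($tok) && $tok[0] === T_WHITESPACE)) {
                $args[] = $tok;
            }
        }
        // A lone quoted string is fixed at write time; anything else
        // (variable, concatenation, function call) is decided at run time.
        $literal = count($args) === 1
            && is_array($args[0])
            && $args[0][0] === T_CONSTANT_ENCAPSED_STRING;
        $findings[] = ['line' => $tokens[$i][2], 'dynamic' => !$literal];
    }
    return $findings;
}

// Constructed sample input: one fixed-string eval and one like the flagged line.
$sample = <<<'SRC'
<?php
$fixed  = eval( 'return 1 + 1;' );
$result = eval( $code );
SRC;

foreach (find_eval_calls($sample) as $f) {
    printf("line %d: eval() with %s argument\n", $f['line'], $f['dynamic'] ? 'dynamic' : 'literal');
}
```

A `dynamic` result means the finding is real in the sense the reply describes: what runs depends on where the evaluated value comes from and who is allowed to set it.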

The topic ‘Security Error’ is closed to new replies.