I noticed that the plugin uses eval(), and while my skills in PHP wouldn’t be classified as ‘expert’, from what I understand this is a security concern.
The plugin stores the snippets as text data directly in the database, and then executes them from there. While this is probably great from a performance standpoint, it opens the door to security risks, and also, if you happened to get a bad snippet, it could shut down your site (of course you could FTP into the site and remove/rename the plugin to fix it).
I do love the way the snippets are stored and organized in the WP admin. But maybe there is a better way of doing this?
- The topic ‘[Plugin: Code Snippets] Plugin uses eval() – security concern’ is closed to new replies.