Theme Check
[resolved] [Plugin: Theme-Check] Invaild warning: found / .exec() (3 posts)

  1. Hugo Ashmore
    Posted 3 years ago #

    Recent testing of a new community theme for BuddyPress has produced this warning:
    WARNING: Found /.exec in the file functions.php. PHP sytem calls should be disabled by server admins anyway!

    The line in question is actually a block of JavaScript located in functions.php and the exec() that triggered the ? false/positive result is actually a regex pattern checking function and not the PHP execute function.

    The line in functions.php reads:

    var digits = /(.*?)rgb((\d+), (\d+), (\d+))/.exec(color);

    Is it possible to confirm this as an erroneous result?

  2. Samuel Wood (Otto)
    WordPress.org Tech Dude
    Plugin Author

    Posted 3 years ago #

    The line in question may be safe JS, but theme-check isn't advanced enough to know that, because it's not executing the code, it's scanning it.

    You may need to move the javascript into a separate file with a .js extension in order to eliminate it from that particular check (which is only checking .php files).

  3. Hugo Ashmore
    Posted 3 years ago #

    Thanks for the response Otto, yes naturally it's simply a scan and unable to differentiate between php/js. We'll look at whether it's possible to move the code block.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

  • RSS feed for this topic
  • Started 3 years ago by Hugo Ashmore
  • Latest reply from Hugo Ashmore
  • This topic is resolved
  • WordPress version: checkingon3.4-beta4-20825and1.6-trunk-6041