Title: Remove PHP eval()
Last modified: August 19, 2016

---

# Remove PHP eval()

 *  [obsidiandh](https://wordpress.org/support/users/obsidiandh/)
 * (@obsidiandh)
 * [17 years ago](https://wordpress.org/support/topic/remove-php-eval/)
 * Hi,
 * I recently installed wordpress 2.7.1 and when going to wp-admin/edit.php came
   across an error because eval is disabled by suhosin on the server which I am 
   using.
 * I did a search through the WP source code and found 2 occurrences of eval in 
   the code (plus a few in the pcizip library).
 * I couldn’t spot anything that said why the eval was used so I’ve created two 
   patches:
 * _wp-includes/classes.php_
 *     ```
       219,233c219
       <
       < 					preg_match_all('/\$(.*?)\[(.*?)\]/',$query,$subs);
       < 					$find=array();
       < 					$replace=array();
       <
       < 					foreach($subs[0] as $key=>$value)
       < 					{
       < 					$tmp=$subs[1][$key];
       < 					$tmp=$$tmp;
       < 					$tmp=$tmp[$subs[2][$key]];
       < 					$find[]=$subs[0][$key];
       < 					$replace[]=$tmp;
       < 					}
       <
       < 					$query=str_replace($find,$replace,$query);
       ---
       > 					eval("@\$query = \"" . addslashes($query) . "\";");
       ```
   
 * _wp-includes/rewrite.php_
 *     ```
       299,313c299
       <
       < 					preg_match_all('/\$(.*?)\[(.*?)\]/',$query,$subs);
       < 					$find=array();
       < 					$replace=array();
       <
       < 					foreach($subs[0] as $key=>$value)
       < 					{
       < 					$tmp=$subs[1][$key];
       < 					$tmp=$$tmp;
       < 					$tmp=$tmp[$subs[2][$key]];
       < 					$find[]=$subs[0][$key];
       < 					$replace[]=$tmp;
       < 					}
       <
       < 					$query=str_replace($find,$replace,$query);
       ---
       > 			eval("\$query = \"" . addslashes($query) . "\";");
       ```
   
 * These work for me but whether they will work for everyone I don’t know and I 
   expect there is a much tidier way to fix it.
 * ~Rowan

Viewing 1 replies (of 1 total)

 *  [MichaelH](https://wordpress.org/support/users/michaelh/)
 * (@michaelh)
 * [17 years ago](https://wordpress.org/support/topic/remove-php-eval/#post-1055271)
 * Might submit your patches to Trac for inclusion in the core if that’s what you
   are looking to do…see [Reporting Bugs](http://codex.wordpress.org/Reporting_Bugs).

Viewing 1 replies (of 1 total)

The topic ‘Remove PHP eval()’ is closed to new replies.

## Tags

 * [eval](https://wordpress.org/support/topic-tag/eval/)
 * [SUHOSIN](https://wordpress.org/support/topic-tag/suhosin/)

 * In: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/)
 * 1 reply
 * 2 participants
 * Last reply from: [MichaelH](https://wordpress.org/support/users/michaelh/)
 * Last activity: [17 years ago](https://wordpress.org/support/topic/remove-php-eval/#post-1055271)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics