Support » Plugin: AntiVirus » Should not alert in PHP comments

Viewing 1 replies (of 1 total)
  • Plugin Author Stefan Kalscheuer

    (@stklcode)

    You are right, comments usually won’t do any harm.

    The theme file scan in the current version is pretty simple, as it scans each line of PHP sources and applies a set of expressions to them, mainly to identify potentially malicious code patterns. Many of them ca be used for good, too, so false positives in the first run are likely normal for complex themes.

    A really dumb implementation that scans for /* or // won’t do the job here, as it’s easy to work around and target for false positives itself, so the routine has to be extended quite a bit.

    We will note this (reasonable) request, but to be honest I would not expect to see this extension in the near future. However, everybody is invited to contribute.

    Regards,
    Stefan

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.