[theme-reviewers] [WordPress Themes] #2186: THEME: impressIO -1.0

Philip M. Hofer (Frumph) philip at frumph.net
Wed Jan 5 12:08:37 UTC 2011


$cap = new autoconfig();

He's using $cap->var; to get the variable, and you just wrote exactly what I was going to write ;)


- Phil



----- Original Message ----- 
From: "Otto" <otto at ottodestruct.com>
To: <theme-reviewers at lists.wordpress.org>
Sent: Wednesday, January 05, 2011 4:04 AM
Subject: Re: [theme-reviewers] [WordPress Themes] #2186: THEME: impressIO -1.0


> For the specific case of eval, whether it is harmful or not is
> irrelevant. We do not allow use of eval() in themes. Period.
>
> And for the record, this is one of the stupidest functions I've ever seen:
>
> public function fetchConfig($fn){
> $code = '$this->' . $fn;
> eval("return $code");
> }
>
> I guess the point seems to be to return $this->foo where $fn='foo',
> but there are a few problems with it.
>
> Firstly, it doesn't make any sense. Why take the input, build a
> string, and then eval that string? If you want to return $this->foo
> when $fn = 'foo', then a simple "return $this->$fn;" would do the
> trick just fine.
>
> Secondly, it doesn't work. "return $code" will return a syntax error
> due to the lack of the ending semi-colon on the code.
>
> Thirdly, I can't find any reference to it in any of the other files.
> If this isn't being used, why is it in there at all?
>
> No, I wouldn't allow it through with that in there.
>
> -Otto
>
> On Wed, Jan 5, 2011 at 5:42 AM, Radu Ganea <raduganea at raduganea.com> wrote:
>> Hi guys,
>>
>> I will update the TimThumb to the latest version.
>> Could you please take a closer look at the "eval()" function I am using and
>> see if it really is harmful? I really think it isn't.
>>
>> Thanks
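Added example, not part of the original thread and not code from the theme or from the review team: one way a reviewer could enforce the "no eval() in themes" rule is to run theme source through PHP's tokenizer, which reports the eval construct itself and ignores the word inside strings and comments. The function name find_eval_calls(), the method name fetchConfigDirect() and the sample source are assumptions made for illustration; the sample pairs the accessor quoted above with the direct property access suggested as its replacement.

```php
<?php
/**
 * Return the line numbers of every eval language construct in $source.
 * Tokenizing means "eval" inside strings or comments is not reported.
 * (find_eval_calls is a hypothetical helper name.)
 */
function find_eval_calls(string $source): array
{
    $lines = [];
    foreach (token_get_all($source) as $token) {
        // Multi-character tokens are arrays: [id, text, line number].
        if (is_array($token) && $token[0] === T_EVAL) {
            $lines[] = $token[2];
        }
    }
    return $lines;
}

// Constructed sample input: the function quoted in the thread next to
// the plain property access proposed instead (hypothetical method name).
$sample = <<<'SRC'
<?php
class autoconfig {
    public $var = 'value';

    // eval-based accessor, as quoted in the review
    public function fetchConfig($fn) {
        $code = '$this->' . $fn;
        eval("return $code");
    }

    // replacement: dynamic property access, no eval
    public function fetchConfigDirect($fn) {
        return $this->$fn;
    }

    public function note() {
        return 'eval() is not allowed in themes';
    }
}
SRC;

foreach (find_eval_calls($sample) as $line) {
    echo "eval() found on line $line\n";
}
```

Only the call inside fetchConfig() is reported; the comment and the string literal that mention eval are skipped, which a plain text search would not do.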