[theme-reviewers] Alternative to eval()
Jonny Cauvain
furcifer at furcifer.me
Fri Jul 1 12:30:46 UTC 2011
Yep base64 is forbidden
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Daniel Fenn <danielx386 at gmail.com> wrote:
So using base64 and such is also forbidden?
On 01/07/2011, Andrew Nacin <wp at andrewnacin.com> wrote:
> On Fri, Apr 29, 2011 at 10:00 AM, Rahul Bansal
> <rahul.bansal at rtcamp.com>wrote:
>
>> So far, I believe, exploring eval() like alternative is not good idea.
>> Though I will try create_function as suggested by Otto and see how it
>> works.
>>
>
> Incredibly late reply on this, but I'd rather create_function() be banned
> from themes. Arbitrary PHP is insecure -- especially user-inputted PHP --
> and, keep in mind, it would make the theme insecure for multisite.
> create_function() is just as dangerous as eval() or assert() or any other
> arbitrary execution device, whether used incorrectly or maliciously.
>
> Nacin
>
--
Regards,
Daniel Fenn
_____________________________________________
theme-reviewers mailing list
theme-reviewers at lists.wordpress.org
http://lists.wordpress.org/mailman/listinfo/theme-reviewers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20110701/8fd364de/attachment.htm>
More information about the theme-reviewers
mailing list