On Fri, Apr 29, 2011 at 10:00 AM, Rahul Bansal <span dir="ltr"><<a href="mailto:rahul.bansal@rtcamp.com">rahul.bansal@rtcamp.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div>So far, I believe, exploring eval() like alternative is not good idea. </div><div>Though I will try create_function as suggested by Otto and see how it works. </div></div></blockquote><div><br></div><div>Incredibly late reply on this, but I'd rather create_function() be banned from themes. Arbitrary PHP is insecure -- especially user-inputted PHP -- and, keep in mind, it would make the theme insecure for multisite. create_function() is just as dangerous as eval() or assert() or any other arbitrary execution device, whether used incorrectly or maliciously.</div>
<div><br></div><div>Nacin</div></div>