<div class="gmail_quote">On Fri, Jul 1, 2011 at 2:23 AM, Andrew Nacin <span dir="ltr">&lt;<a href="mailto:wp@andrewnacin.com">wp@andrewnacin.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div>Incredibly late reply on this, but I'd rather create_function() be banned from themes. Arbitrary PHP is insecure -- especially user-inputted PHP -- and, keep in mind, it would make the theme insecure for multisite. create_function() is just as dangerous as eval() or assert() or any other arbitrary execution device, whether used incorrectly or maliciously.</div>
<div></div></blockquote></div><br>Are there any other specific functions we should be looking at noting specifically with the "Theme Check"/"uploader" script ... and eyes-on as well? We can always add a list of functions that should not be used in themes to the Guidelines.<br>
<br><br>Cais.<br>
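A token-based check for the functions named in this thread (create_function(), eval(), assert()), as an added example that is not part of the original messages and is not the Theme Check plugin's own code. The names find_banned_calls and BANNED_CALLS and the sample theme source are hypothetical, constructed for illustration.

```php
<?php
// Added example: flag calls to the execution functions named in this thread.
// find_banned_calls(), BANNED_CALLS and the sample input are hypothetical.
const BANNED_CALLS = ['create_function', 'assert'];

function find_banned_calls(string $source): array
{
    $tokens = array_values(array_filter(
        token_get_all($source),
        // Drop whitespace and comments: "eval /* x */ (" still matches, comment text never does.
        fn($t) => !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)
    ));
    // A name preceded by one of these is a method call or a declaration, not a global call.
    $skip_after = [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW];
    $hits = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) continue;          // single-character tokens such as "("
        [$id, $text, $line] = $tok;
        if ($id === T_EVAL) {                   // eval is a language construct with its own token
            $hits[] = ['name' => 'eval', 'line' => $line];
            continue;
        }
        $is_name = $id === T_STRING             // PHP 8 tokenizes "\assert" as one qualified name
            || (defined('T_NAME_FULLY_QUALIFIED') && $id === T_NAME_FULLY_QUALIFIED);
        $name = strtolower(ltrim($text, '\\')); // function names are case-insensitive
        $prev = $tokens[$i - 1] ?? null;
        $next = $tokens[$i + 1] ?? null;
        if ($is_name && in_array($name, BANNED_CALLS, true) && $next === '('
            && !(is_array($prev) && in_array($prev[0], $skip_after, true))) {
            $hits[] = ['name' => $name, 'line' => $line];
        }
    }
    return $hits;
}

// Constructed sample theme file (nowdoc, so nothing here is executed).
$sample = <<<'THEME'
<?php
// eval() mentioned in a comment is not a call
$cb = create_function('$a', 'return $a;');
echo 'assert(1) inside a string';
$test->assert($x);
EVAL ($code);
THEME;

foreach (find_banned_calls($sample) as $hit) {
    printf("line %d: %s()\n", $hit['line'], $hit['name']);
}
```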