[theme-reviewers] [WordPress Themes] #2186: THEME: impressIO -1.0

Jay furcifer at furcifer.me
Wed Jan 5 12:35:13 UTC 2011


I thought the uploader scanned for eval?

"Philip M. Hofer (Frumph)" <philip at frumph.net> wrote:

>$cap = new autoconfig();
>
>He's using $cap->var; to get the variable, and you just wrote exactly
>what I was going to write ;)
>
>
>- Phil
>
>
>
>----- Original Message ----- 
>From: "Otto" <otto at ottodestruct.com>
>To: <theme-reviewers at lists.wordpress.org>
>Sent: Wednesday, January 05, 2011 4:04 AM
>Subject: Re: [theme-reviewers] [WordPress Themes] #2186: THEME: impressIO -1.0
>
>
>> For the specific case of eval, whether it is harmful or not is
>> irrelevant. We do not allow use of eval() in themes. Period.
>>
>> And for the record, this is one of the stupidest functions I've ever seen:
>>
>> public function fetchConfig($fn){
>> $code = '$this->' . $fn;
>> eval("return $code");
>> }
>>
>> I guess the point seems to be to return $this->foo where $fn='foo',
>> but there's a few problems with it.
>>
>> Firstly, it doesn't make any sense. Why take the input, build a
>> string, and then eval that string? If you want to return $this->foo
>> when $fn = 'foo', then a simple "return $this->$fn;" would do the
>> trick just fine.
>>
>> Secondly, it doesn't work. "return $code" will return a syntax error
>> due to the lack of the ending semi-colon on the code.
>>
>> Thirdly, I can't find any reference to it in any of the other files.
>> If this isn't being used, why is it in there at all?
>>
>> No, I wouldn't allow it through with that in there.
>>
>> -Otto
>>
>> On Wed, Jan 5, 2011 at 5:42 AM, Radu Ganea <raduganea at raduganea.com> wrote:
>>> Hi guys,
>>>
>>> I will update the TimThumb to the latest version.
>>> Could you please take a closer look at the "eval()" function I am using
>>> and see if it really is harmful? I really think it isn't.
>>>
>>> Thanks
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> 

-- 
Mobile, wolf is mobile.
Http://furcifer.net
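
As an added example (not part of the thread, and not the WordPress.org uploader's actual scanner), one way to check theme source for eval() is to tokenize it with PHP's token_get_all() and look for T_EVAL, which ignores the word inside comments, strings and other identifiers. The function name find_eval_lines is hypothetical and the sample class is constructed; it reuses the fetchConfig accessor quoted above next to the plain property access suggested as its replacement.

```php
<?php
// Added example: token-based check for eval() in theme source.
// Not the WordPress.org uploader's code; find_eval_lines() is a hypothetical name.

/**
 * Return the line numbers on which the eval language construct appears.
 * token_get_all() tokenizes the source, so "eval" inside comments,
 * strings or identifiers such as my_eval() is not reported.
 */
function find_eval_lines(string $source): array
{
    $lines = [];
    foreach (token_get_all($source) as $token) {
        // Multi-character tokens are arrays: [token id, text, line number].
        if (is_array($token) && $token[0] === T_EVAL) {
            $lines[] = $token[2];
        }
    }
    return $lines;
}

// Constructed sample input: the accessor quoted in the thread, beside the
// plain dynamic property access that does the same job without eval.
$sample = <<<'PHP'
<?php
class autoconfig {
    public $var = 'value';
    // eval in a comment must not be flagged
    public function fetchConfig($fn) {
        $code = '$this->' . $fn;
        eval("return $code");
    }
    public function fetchConfigPlain($fn) {
        return $this->$fn;
    }
    public function my_eval() { return 'eval("not code")'; }
}
PHP;

foreach (find_eval_lines($sample) as $line) {
    echo "eval() found on line $line\n";
}
```

Only the eval call inside fetchConfig is reported; the comment, the my_eval method name and the string literal are not.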