[theme-reviewers] Alternative to eval()

Daniel Fenn danielx386 at gmail.com
Fri Jul 1 08:24:30 UTC 2011


So using base64 and such is also forbidden?

On 01/07/2011, Andrew Nacin <wp at andrewnacin.com> wrote:
> On Fri, Apr 29, 2011 at 10:00 AM, Rahul Bansal
> <rahul.bansal at rtcamp.com> wrote:
>
>> So far, I believe, exploring an eval()-like alternative is not a good idea.
>> Though I will try create_function as suggested by Otto and see how it
>> works.
>>
>
> Incredibly late reply on this, but I'd rather create_function() be banned
> from themes. Arbitrary PHP is insecure -- especially user-inputted PHP --
> and, keep in mind, it would make the theme insecure for multisite.
> create_function() is just as dangerous as eval() or assert() or any other
> arbitrary execution device, whether used incorrectly or maliciously.
>
> Nacin
>


-- 
Regards,
Daniel Fenn
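
Added example, not part of the original thread or of any WordPress tool: a small reviewer-side check that flags direct calls to the three functions named in the quoted reply (eval(), create_function(), assert()) in theme source. The sample theme text and all names in the script are constructed for illustration; base64, which the message above asks about, is not covered because the thread does not settle it.

```python
import re

# Functions named in the thread as arbitrary-execution devices.
BANNED = {"eval", "create_function", "assert"}

# Comments and quoted strings are matched first so their contents are skipped;
# the second branch matches a candidate call "name(".
# Limitations (assumed acceptable for a first-pass review aid): the whole input
# is treated as PHP, heredocs are not parsed, and dynamic calls such as
# $f = 'assert'; $f(...) are not detected.
TOKEN = re.compile(r"""
    (?P<skip> //[^\n]* | \#[^\n]* | /\*.*?\*/          # comments
            | '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*" )  # quoted strings
  | (?P<pre> ->\s* | ::\s* | \bfunction\s+ | \$ )?     # method, definition, variable
    (?P<name> \\?[A-Za-z_][A-Za-z0-9_]* ) \s* \(
""", re.VERBOSE | re.DOTALL)


def find_banned_calls(php_source):
    """Return [(line, function_name), ...] for direct calls to BANNED functions."""
    hits = []
    for m in TOKEN.finditer(php_source):
        # Skip comments/strings, method calls, definitions and $variable calls.
        if m.group("skip") or m.group("pre"):
            continue
        # PHP function names are case-insensitive and may be written \name.
        name = m.group("name").lstrip("\\").lower()
        if name in BANNED:
            line = php_source.count("\n", 0, m.start("name")) + 1
            hits.append((line, name))
    return hits


# Constructed sample theme file: lines 2, 3, 5 and 6 must NOT be flagged.
SAMPLE_THEME = r'''<?php
// eval() must not be used here
$label = "call eval('x') later";
$cb = create_function('$a', 'return $a . "!";');
$widget->assert($ok);
function my_eval($s) { return $s; }
EVAL ($options['custom_php']);
\assert($user_input);
'''

if __name__ == "__main__":
    for line, name in find_banned_calls(SAMPLE_THEME):
        print(f"line {line}: {name}() executes arbitrary PHP")
```
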

