[theme-reviewers] Alternative to eval()

Daniel Fenn danielx386 at gmail.com
Fri Jul 1 08:24:30 UTC 2011

So using base64 and such is also forbidden?

On 01/07/2011, Andrew Nacin <wp at andrewnacin.com> wrote:
> On Fri, Apr 29, 2011 at 10:00 AM, Rahul Bansal
> <rahul.bansal at rtcamp.com>wrote:
>> So far, I believe, exploring eval() like alternative is not good idea.
>> Though I will try create_function as suggested by Otto and see how it
>> works.
> Incredibly late reply on this, but I'd rather create_function() be banned
> from themes. Arbitrary PHP is insecure -- especially user-inputted PHP --
> and, keep in mind, it would make the theme insecure for multisite.
> create_function() is just as dangerous as eval() or assert() or any other
> arbitrary execution device, whether used incorrectly or maliciously.
> Nacin

Daniel Fenn

More information about the theme-reviewers mailing list