[theme-reviewers] Alternative to eval()
furcifer at furcifer.me
Fri Jul 1 12:30:46 UTC 2011
Yep base64 is forbidden
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Daniel Fenn <danielx386 at gmail.com> wrote:
So using base64 and such is also forbidden?
On 01/07/2011, Andrew Nacin <wp at andrewnacin.com> wrote:
> On Fri, Apr 29, 2011 at 10:00 AM, Rahul Bansal
> <rahul.bansal at rtcamp.com>wrote:
>> So far, I believe, exploring eval() like alternative is not good idea.
>> Though I will try create_function as suggested by Otto and see how it
> Incredibly late reply on this, but I'd rather create_function() be banned
> from themes. Arbitrary PHP is insecure -- especially user-inputted PHP --
> and, keep in mind, it would make the theme insecure for multisite.
> create_function() is just as dangerous as eval() or assert() or any other
> arbitrary execution device, whether used incorrectly or maliciously.
theme-reviewers mailing list
theme-reviewers at lists.wordpress.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the theme-reviewers