[wp-trac] [WordPress Trac] #10650: eval() in wp-admin/includes/class-pclzip.php should be replaced
WordPress Trac
wp-trac at lists.automattic.com
Wed Aug 19 14:02:43 UTC 2009
#10650: eval() in wp-admin/includes/class-pclzip.php should be replaced
----------------------------+-----------------------------------------------
Reporter: Hans Spath | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Administration | Version:
Severity: normal | Keywords:
----------------------------+-----------------------------------------------
On some systems eval() is disabled due to security reasons.
In wp-admin/includes/class-pclzip.php eval() is used several times like
this:
{{{
// ----- Call the callback
// Here I do not use call_user_func() because I need to send a reference to the
// header.
eval('$v_result = '.$p_options[PCLZIP_CB_PRE_ADD].'(PCLZIP_CB_PRE_ADD, $v_local_header);');
}}}
It's true that passing references with call_user_func() is a problem, but
you can use either
{{{
$v_result = $p_options[PCLZIP_CB_PRE_ADD] (PCLZIP_CB_PRE_ADD, $v_local_header);
}}}
or
{{{
$v_result = call_user_func_array($p_options[PCLZIP_CB_PRE_ADD],
array(PCLZIP_CB_PRE_ADD, &$v_local_header));
}}}
instead.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10650>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
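
The two replacements proposed in the ticket, shown side by side with plain call_user_func() for contrast. This is an added example, not part of the original message and not PclZip or WordPress code; my_pre_add(), invoke_callback(), the header contents and the constant's value are constructed for illustration. Unlike eval(), which compiles whatever string the option holds, the helper only invokes a value that resolves to a callable.

```php
<?php
// Constructed value so the script runs stand-alone (assumption, not taken from PclZip).
define('PCLZIP_CB_PRE_ADD', 1);

// Hypothetical callback: edits the header in place, so it needs a reference.
function my_pre_add($p_event, &$p_header) {
    $p_header['stored_filename'] = 'backup/' . $p_header['stored_filename'];
    return 1;
}

// Hypothetical helper: calls the callback option without eval().
function invoke_callback(array $p_options, $p_event, array &$p_header) {
    $cb = isset($p_options[$p_event]) ? $p_options[$p_event] : null;
    if (!is_callable($cb)) {
        return false; // not a function name: refuse instead of executing it
    }
    // The & inside array() is what carries the reference through.
    return call_user_func_array($cb, array($p_event, &$p_header));
}

$options = array(PCLZIP_CB_PRE_ADD => 'my_pre_add');

// 1. Variable function call (first alternative in the ticket).
$h1 = array('stored_filename' => 'a.txt');
$r1 = $options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $h1);

// 2. call_user_func_array() with an explicit reference (second alternative).
$h2 = array('stored_filename' => 'a.txt');
$r2 = invoke_callback($options, PCLZIP_CB_PRE_ADD, $h2);

// 3. call_user_func() hands over a value, not a reference: PHP raises a
//    warning (suppressed here) and the caller's $h3 is left untouched.
$h3 = array('stored_filename' => 'a.txt');
@call_user_func($options[PCLZIP_CB_PRE_ADD], PCLZIP_CB_PRE_ADD, $h3);

// 4. An option that is not a function name is rejected by is_callable().
$h4 = array('stored_filename' => 'a.txt');
$bad = array(PCLZIP_CB_PRE_ADD => 'not a function name');
$r4 = invoke_callback($bad, PCLZIP_CB_PRE_ADD, $h4);

foreach (array('variable call' => $h1, 'call_user_func_array' => $h2,
               'call_user_func' => $h3, 'rejected option' => $h4) as $label => $h) {
    echo $label, ': ', $h['stored_filename'], PHP_EOL;
}
var_dump($r1, $r2, $r4);
```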