[wp-trac] [WordPress Trac] #10650: eval() in wp-admin/includes/class-pclzip.php should be replaced

WordPress Trac wp-trac at lists.automattic.com
Wed Aug 19 14:02:43 UTC 2009


#10650: eval() in wp-admin/includes/class-pclzip.php should be replaced
----------------------------+-----------------------------------------------
 Reporter:  Hans Spath      |       Owner:            
     Type:  defect (bug)    |      Status:  new       
 Priority:  normal          |   Milestone:  Unassigned
Component:  Administration  |     Version:            
 Severity:  normal          |    Keywords:            
----------------------------+-----------------------------------------------
 On some systems eval() is disabled due to security reasons.

 In wp-admin/includes/class-pclzip.php eval() is used several times like
 this:

 {{{
       // ----- Call the callback
       // Here I do not use call_user_func() because I need to send a reference to the
       // header.
       eval('$v_result = '.$p_options[PCLZIP_CB_PRE_ADD].'(PCLZIP_CB_PRE_ADD, $v_local_header);');
 }}}

 It's true that passing references with call_user_func() is a problem, but
 you can use either
 {{{
     $v_result = $p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header);
 }}}
 or
 {{{
     $v_result = call_user_func_array($p_options[PCLZIP_CB_PRE_ADD], array(PCLZIP_CB_PRE_ADD, &$v_local_header));
 }}}
 instead.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10650>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
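
The two replacements proposed in the ticket, as an added example that is not part of the original message or of PclZip's code. It shows that both forms still let the callback modify the header by reference, and it adds an is_callable() check. The names DEMO_CB_PRE_ADD, demo_pre_add and demo_invoke, the sample header and the 0 return for a rejected callback are assumptions made for the illustration.

```php
<?php
// Constructed stand-in for the option index; PclZip defines its own
// PCLZIP_CB_PRE_ADD constant in class-pclzip.php.
define('DEMO_CB_PRE_ADD', 1);

// Hypothetical pre-add callback: receives the header by reference and
// rewrites the name the file will be stored under.
function demo_pre_add($p_event, &$p_header) {
    $p_header['stored_filename'] = 'renamed/' . $p_header['stored_filename'];
    return 1;
}

// Invoke the configured callback without eval().
function demo_invoke($p_options, &$v_local_header, $use_array_form) {
    $callback = $p_options[DEMO_CB_PRE_ADD];

    // A value that does not name a callable is rejected here instead of
    // being spliced into PHP source. Returning 0 is this example's choice.
    if (!is_callable($callback)) {
        return 0;
    }

    if ($use_array_form) {
        // The & inside array() keeps that element bound to $v_local_header,
        // so the callback's by-reference parameter changes the caller's copy.
        return call_user_func_array($callback, array(DEMO_CB_PRE_ADD, &$v_local_header));
    }

    // Variable function call: arguments are bound as in a direct call, so
    // the by-reference parameter works with no extra syntax.
    return $callback(DEMO_CB_PRE_ADD, $v_local_header);
}

$options = array(DEMO_CB_PRE_ADD => 'demo_pre_add');

foreach (array(false, true) as $use_array_form) {
    $header = array('stored_filename' => 'a.txt'); // constructed sample header
    $result = demo_invoke($options, $header, $use_array_form);
    printf("%-22s result=%d stored_filename=%s\n",
        $use_array_form ? 'call_user_func_array:' : 'variable function:',
        $result, $header['stored_filename']);
}

// A string that names no function is refused and the header stays untouched.
$options[DEMO_CB_PRE_ADD] = 'no_such_callback';
$header = array('stored_filename' => 'a.txt');
$result = demo_invoke($options, $header, true);
printf("%-22s result=%d stored_filename=%s\n",
    'non-callable value:', $result, $header['stored_filename']);
```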