This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.
Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.
Este tema contiene 2 respuestas, tiene 2 mensajes.
Última actualización por hace 4 años, 4 meses.
When using the WP Defender Pro plugin (enlace oculto), it reports a security concern due to Toolset's code using eval()
enlace oculto
> Caution: The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.
So why does eval() exist in your code? If it's absolutely necessary, I will "Ignore" it in the report's action items but thought I'd confirm with you first.
