Skip Navigation
Buy Now

Home Toolset Professional Support [Resolved] Toolset using eval() flagged as security issue by WP Defender plugin

[Resolved] Toolset using eval() flagged as security issue by WP Defender plugin

This support ticket is created 4 years, 1 month ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Tagged: 

This topic contains 2 replies, has 2 voices.

Last updated by Clifford 4 years, 1 month ago.

Author
Posts
#1793421

Clifford
2020-09-27 Toolset eval reported by WP Defender.png

When using the WP Defender Pro plugin (hidden link), it reports a security concern due to Toolset's code using eval()

hidden link
> Caution: The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

So why does eval() exist in your code? If it's absolutely necessary, I will "Ignore" it in the report's action items but thought I'd confirm with you first.

#1794163

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

Hi Clifford

It's effectively a false-positive in this case, and eval is required.

You can read more here: https://toolset.com/toolset-requirements/#eval-usage

#1797353

Clifford

tyvm

Known issues and solutions

Frequently asked support questions

Support tickets archive

Get help from experienced contractors

Meet Toolset support team

Toolset Customer Support Policy

Need to tell us something about the quality of support

How to remove personal information from your database for support