This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.
Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.
No supporters are available to work today on Toolset forum. Feel free to create tickets and we will handle it as soon as we are online. Thank you for your understanding.
This topic contains 2 replies, has 2 voices.
Last updated by Clifford 3 years, 6 months ago.
When using the WP Defender Pro plugin (hidden link), it reports a security concern due to Toolset's code using eval()
hidden link
> Caution: The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.
So why does eval() exist in your code? If it's absolutely necessary, I will "Ignore" it in the report's action items but thought I'd confirm with you first.
Nigel
Languages: English (English ) Spanish (Español )
Timezone: Europe/London (GMT+01:00)
