This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.
Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.
Ce sujet contient 2 réponses, a 2 voix.
Dernière mise à jour par Il y a 4 années et 4 mois.
When using the WP Defender Pro plugin (lien caché), it reports a security concern due to Toolset's code using eval()
lien caché
> Caution: The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.
So why does eval() exist in your code? If it's absolutely necessary, I will "Ignore" it in the report's action items but thought I'd confirm with you first.
