Support Tickets - CMS - PHP eval()

CMS - PHP eval()

CMS 12.12.2016 2362 Feedback Status: Closed Solution: Yes bluesatkv


Hi Jerome,

Why we use function 'eval'?

https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet

Thx


Replies (1)

  • avatar Jerome

    The question is why not? PHP supports it also in PHP 7 and if it should not be used why PHP has it?

    We will need to use eval for certain hooks and plugins otherwise the whole CMS would not work. We also filter all code injected with eval and certainly no user action or input is running in eval().

    Kind regards
    Jérôme

    12.12.2016 0