Installing raises malware error due to use of eval
Reposting this as a support issue, as the review was deleted (and my apologetic response was also deleted).
I checked the code. While it passes the high bar of WordPress plugin code review, installing the plugin raised a flag from a malware scanner. This is exactly the behaviour we want from a host: proactive protection. However, it means they take the website offline in the meantime.
I admit I should have tested this on a staging site on the same server, and took a shortcut by only testing on a local machine.
It flagged the use of eval(). I am not a programmer but researched a bit and there are suggestions on the pages linked below.
https://www.exakat.io/land-where-php-uses-eval/
WordPress VIP code sniffer would flag this.
https://github.com/WordPress/WordPress-Coding-Standards/issues/81
eval() and create_function()
Both these functions can execute arbitrary code that’s constructed at run time, which can be created through difficult-to-follow execution flows. These methods can make your site fragile because unforeseen conditions can cause syntax errors in the executed code, which becomes dynamic. A much better alternative is an Anonymous Function, which is hardcoded into the file and can never change during execution.
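A minimal pre-install check for the two functions named in the guidance quoted above, added here as an example: it is not part of the original post, and it is not the host's scanner or the WordPress Coding Standards sniff. It assumes each file is pure PHP, does not handle heredoc bodies, and uses a constructed PHP sample.

```python
import re
import sys
from pathlib import Path

# Comments and quoted strings are blanked first so that "eval(" inside them
# is not reported. Newlines are kept so reported line numbers stay correct.
NOISE = re.compile(
    r"/\*.*?\*/"              # block comment
    r"|(?://|#)[^\n]*"        # line comment
    r"|'(?:\\.|[^'\\])*'"     # single-quoted string
    r'|"(?:\\.|[^"\\])*"',    # double-quoted string
    re.S,
)
# A call to eval or create_function that is not a method call (->eval, ::eval)
# and not the tail of a longer identifier. PHP function names ignore case.
CALL = re.compile(r"(?<![\w$])(?<!->)(?<!::)(eval|create_function)\s*\(", re.I)

# Constructed sample, not taken from any real plugin.
SAMPLE = r"""<?php
// eval() is mentioned here only in a comment
$label = 'do not eval( this string )';
$cb = create_function('$a', 'return $a * 2;');
$ok = function ($a) { return $a * 2; };   // hardcoded anonymous function
eval($code_built_at_runtime);
$obj->eval($x);
"""


def find_dynamic_code(php_source):
    """Return [(line_number, function_name)] for each flagged call."""
    cleaned = NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), php_source)
    return [
        (cleaned.count("\n", 0, m.start()) + 1, m.group(1).lower())
        for m in CALL.finditer(cleaned)
    ]


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to an unpacked plugin directory
        files = Path(sys.argv[1]).rglob("*.php")
        sources = {str(p): p.read_text(errors="replace") for p in files}
    else:
        sources = {"SAMPLE": SAMPLE}
    for name, text in sources.items():
        for line, func in find_dynamic_code(text):
            print(f"{name}:{line}: {func}() call")
```

Running it against the unpacked plugin on a staging copy lists each call site, so a likely scanner flag is known before the plugin reaches a production host.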