• Recent testing of a new community theme for BuddyPress has produced this warning:
    WARNING: Found /.exec in the file functions.php. PHP sytem calls should be disabled by server admins anyway!

    The line in question is actually a block of JavaScript located in functions.php and the exec() that triggered the ? false/positive result is actually a regex pattern checking function and not the PHP execute function.

    The line in functions.php reads:

    var digits = /(.*?)rgb((\d+), (\d+), (\d+))/.exec(color);

    Is it possible to confirm this as an erroneous result?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    The line in question may be safe JS, but theme-check isn’t advanced enough to know that, because it’s not executing the code, it’s scanning it.

    You may need to move the JavaScript into a separate file with a .js extension in order to eliminate it from that particular check (which is only checking .php files).
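Added example, not Theme Check's code and not written by anyone in this thread: a PHP comparison of a line-by-line text scan, which flags the JavaScript `.exec()` line, with a scan over PHP tokens, which reports only real PHP calls. The function list, the function names and the sample file are constructed assumptions; only the `var digits` line is copied from the post above.

```php
<?php
// Added example: constructed function list and sample, not Theme Check's own code.
const RISKY = ['exec', 'shell_exec', 'system', 'passthru', 'popen', 'proc_open'];

// Text scan: reports every line where a risky name is followed by "(".
function text_scan(string $src): array {
    $re = '/\b(' . implode('|', RISKY) . ')\s*\(/';
    $hits = array_keys(preg_grep($re, explode("\n", $src)));
    return array_map(function ($i) { return $i + 1; }, $hits);
}

// Token scan: only PHP code tokens count; inline HTML/JS and strings are skipped.
function token_scan(string $src): array {
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $toks = array_values(array_filter(token_get_all($src), function ($t) use ($skip) {
        return !is_array($t) || !in_array($t[0], $skip, true);
    }));
    $hits = [];
    foreach ($toks as $i => $t) {
        if (!is_array($t) || $t[0] !== T_STRING || !in_array(strtolower($t[1]), RISKY, true)) {
            continue;
        }
        $prev = $toks[$i - 1] ?? null;
        $next = $toks[$i + 1] ?? null;
        // Ignore method calls ($x->exec(), X::exec()) and declarations (function exec()).
        $member = is_array($prev)
            && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true);
        if ($next === '(' && !$member) {
            $hits[] = $t[2]; // line number recorded by the tokenizer
        }
    }
    return $hits;
}

// Constructed sample file: JavaScript emitted from functions.php, then one real PHP call.
$sample = <<<'SRC'
<?php
function constructed_theme_footer_js() { ?>
<script>
var digits = /(.*?)rgb((\d+), (\d+), (\d+))/.exec(color);
</script>
<?php }
$out = exec('uptime');
SRC;
printf("text scan:  lines %s\n", implode(', ', text_scan($sample)));
printf("token scan: lines %s\n", implode(', ', token_scan($sample)));
```

The sample is only tokenized, never executed, so the `exec('uptime')` line in it does not run.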

    Thread Starter Hugo Ashmore

    (@hnla)

    Thanks for the response Otto, yes naturally it’s simply a scan and unable to differentiate between php/js. We’ll look at whether it’s possible to move the code block.

  • The topic ‘[Plugin: Theme-Check] Invaild warning: found / .exec()’ is closed to new replies.