Remove usage of eval() in W3 Total Cache code

  • Resolved slisje

    (@slisje)


    3 years, 8 months ago

    Hi is it possible that W3 Total Cache remove the use of eval() within its code.I have the pages and lines if you need them.

    • This topic was modified 3 years, 8 months ago by slisje.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Marko Vasiljevic

    (@vmarko)

    Hello @slisje

    Thank you for reaching out.
    The part of the code that uses eval() code is required to add dynamic content, which won’t be cached by the Page Cache. It is only available to the ContentGrabber itself, which uses it for fragment caching.
    The same function caller requires W3TC_DYNAMIC_SECURITY to be defined, and since it is only available to the Page Cache, this is not malware.
    So, to be able to run the PHP code in the fragment to get up-to-date content, you have to use eval.
    Thank!

    Thread Starter slisje

    (@slisje)

    @vmarko ok, but for it to run does the content security policy need to include unsafe-eval?

    • This reply was modified 3 years, 8 months ago by slisje.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Remove usage of eval() in W3 Total Cache code’ is closed to new replies.

Tags