Safety of plugin?

Hi Andrew,

My apologies for taking so long to get back to you.

Essentially, from my understanding, eval() is considered dangerous because it allows the execution of non-file-based PHP code on a server, and this PHP code could contain errors which crash the site, or could do nasty things to the site that you don’t want to happen.

The thing is, both of these factors are inescapable when you are adding custom code to a site, and are both present when you allow editing of the theme functions.php file, or the creation or modification of new plugins.

The key thing in both situations is that you only allow people to write new code for your site that you trust – this is why access to the snippets interface is restricted to administrator users by default, and can be restricted further if necessary.

I don’t think there is currently a better solution for executing snippet code on a site than using eval(). I have considered creating a feature that instead writes all snippet code to an external file for execution instead, but this poses its own issues, including the restrictive file writing permissions on many WordPress hosting servers, and still contains the dangers mentioned above.

Still, I am always open for any suggestions on better ways to do the things that this plugin hopes to accomplish.

Does this answer your question sufficiently?

Thank you for your thoughtful answer. That certainly helps clear things up! ??