Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hi. I just started using this plugin and I too am concerned about the use of eval() since it poses a security risk.

    Maybe I can help. I believe replacing lines 773-776 with this code will do the same as the eval, but in a type-safe way:

        function calculate2( $a, $op, $b ) {
            switch( $op ){
                case '+': return $a + $b;
                case '-': return $a - $b;
                case '*': return $a * $b;
            }
            return null;
        }
    
        if ((int)$wpgform_options['captcha_terms'] === 2)
            $x = calculate2( $a, $op1, $b );
        else if( $op1 == '*' || $op2 == '-' )
            $x = calculate2( calculate2( $a, $op1, $b ), $op2, $c );
        else
            $x = calculate2( $a, $op1, calculate2( $b, $op2, $c ) );
    

    This code tests to see if the first operator is * or the second is -, because that will determine the order of operations, whether the answer is ($a $op1 $b) $op2 $c as opposed to $a $op1 ($b $op2 $c). I used this table to figure out what the logic should be, and I think it checks out.

    //  a * b + c   // *+ should be (a * b) + c
    //  a * b - c   // *- should be (a * b) - c
    //  a + b - c   // +- should be (a + b) - c
    //  a - b - c   // -- should be (a - b) - c
    //  a * b * c   // ** could be either (a * b) * c or a * (b * c)
    //  a + b * c   // +* should be a + (b * c)
    //  a - b * c   // -* should be a - (b * c)
    //  a - b + c   // -+ should be a - (b + c)
    //  a + b + c   // ++ could be either (a + b) + c or a + (b + c)
    
    • This reply was modified 6 years, 9 months ago by victorbargains.
    • This reply was modified 6 years, 9 months ago by victorbargains. Reason: fixing code formatting
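An eval()-free evaluator for the captcha expression, added here as an example; it is not code from the reply above or from the plugin, and the names `captcha_apply()` and `captcha_answer()` are hypothetical. It assumes the original eval() evaluated the expression string as ordinary PHP arithmetic, so `*` binds tighter than `+` and `-`, and operators of equal precedence group left to right (`a - b + c` is `(a - b) + c`). It generalizes beyond the two- and three-term cases to any number of terms and rejects any operator outside the whitelist.

```php
<?php
// Added example, not the plugin's code; function names are hypothetical.
function captcha_apply(int $a, string $op, int $b): int
{
    switch ($op) {
        case '+': return $a + $b;
        case '-': return $a - $b;
        case '*': return $a * $b;
    }
    // Whitelist: any other operator is rejected, never executed.
    throw new InvalidArgumentException("unsupported operator: $op");
}

// Evaluates t0 op0 t1 op1 t2 ... with PHP's arithmetic rules:
// '*' binds tighter; '+' and '-' group left to right.
function captcha_answer(array $terms, array $ops): int
{
    $terms = array_values($terms);
    $ops = array_values($ops);
    if (count($terms) < 2 || count($ops) !== count($terms) - 1) {
        throw new InvalidArgumentException('need n terms and n-1 operators');
    }
    // Pass 1: fold each '*' into the term on its left.
    $sumTerms = [(int) $terms[0]];
    $sumOps = [];
    foreach ($ops as $i => $op) {
        $rhs = (int) $terms[$i + 1];
        if ($op === '*') {
            $last = count($sumTerms) - 1;
            $sumTerms[$last] = captcha_apply($sumTerms[$last], '*', $rhs);
        } else {
            $sumOps[] = $op;
            $sumTerms[] = $rhs;
        }
    }
    // Pass 2: apply the remaining '+' and '-' strictly left to right.
    $result = $sumTerms[0];
    foreach ($sumOps as $i => $op) {
        $result = captcha_apply($result, $op, $sumTerms[$i + 1]);
    }
    return $result;
}

// Constructed sample values: print all nine operator pairs for 7, 3, 2.
foreach (['+', '-', '*'] as $op1) {
    foreach (['+', '-', '*'] as $op2) {
        printf("7 %s 3 %s 2 = %d\n", $op1, $op2, captcha_answer([7, 3, 2], [$op1, $op2]));
    }
}
```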

  • I was able to set up an old form to work with this plugin this week. I tried first with a new form, saw the error, and then tried to downgrade that form. The ? button in the bottom right corner had the “Switch back to old forms” option greyed out.

    BUT, I was able to create a new form, and before adding any content, immediately clicked the ? button and found that “Switch…” was now enabled. So, if the first thing you do after creating a new form is revert it to old forms, then this plugin should still work great.

  • I believe I have fixed this issue by modifying products/photocrati_nextgen/modules/datamapper/module.datamapper.php

    To bypass the error, remove the & symbol from before $wp_query on lines 41, 67, 85, and 102. This will eliminate the error for set_custom_qp_query(), set_custom_wp_query_fields(), set_custom_qp_query_where(), and set_custom_qp_query_groupby().

    I have not gotten this error in reference to the add_post_title_where_clauses() and add_post_name_where_clauses() functions, but it would probably be a good idea to perform this change on lines 152 and 174 as well. As far as I can tell, none of these functions need to be passing by reference, so this change should be fine.

  • I am also getting this error on my site, and when I search for the errors I find many other sites showing the error. My host has updated to PHP 7.1 so I cannot just revert to an old version.
