- This topic has 9 replies, 3 voices, and was last updated 10 months ago by Tom.
November 15, 2019 at 1:30 am #1063674Matt
I am getting messages about gp premium files from a malware scanner that point to bad / dangerous / suspicious codes. Is this something other people have or something that needs to be addressed from GP? The files are: /wp-content/plugins/gp-premium/elements/class-hooks.php and /wp-content/plugins/gp-premium/hooks/functions/hooks.php
Thanks!November 15, 2019 at 4:01 am #1063819DavidStaffCustomer Support
all of GP’s code is checked for quality and security.
This i believe is the first time anyone has raised this issue.
Does the Malware scanner provide any more detail regarding the issue?November 16, 2019 at 2:19 am #1064649Matt
Thx. It highlights these lines in
eval( “?>$value<?php ” );
eval( ‘?>’ . $content . ‘<?php ‘ );November 16, 2019 at 3:31 am #1064670Matt
PS infos from the plugin “security by cleantalk” (malware scanner)November 16, 2019 at 9:13 am #1064977TomLead DeveloperLead Developer
eval()function can be used for bad stuff, which is why security plugins flag it automatically.
In this case, we’re using it as it’s supposed to be used – nothing bad or dangerous about it.
Let me know if you have any other questions 🙂November 16, 2019 at 1:16 pm #1065086Matt
Thx for your reply
I am no expert but maybe there is an issue that needs to be cleared up.
There is another reference below about alternatives.
https://www.exakat.io/land-where-php-uses-eval/November 16, 2019 at 1:16 pm #1065087Matt
correction “it is not recommended”November 16, 2019 at 6:26 pm #1065207TomLead DeveloperLead Developer
We’ve actually had this double-checked by WordPress security experts. The
eval()function can only contain content which is saved by you, the administrator. It’s not possible for a non-administrator to run code through it.
If someone bad is logged in as an administrator, they can do anything they want through the theme/plugin editor (so that
eval()function is the least of your worries).November 17, 2019 at 12:10 am #1065287Matt
ok, thxNovember 17, 2019 at 8:35 am #1065627
- You must be logged in to reply to this topic.