- This topic has 4 replies, 2 voices, and was last updated 3 years, 3 months ago by
.
-
Posts
-
Hi guys, I run an anti-malware scan on my site and the program told that some files of generatepress could be infected. I would like to share with you the suspicious lines/codes to ask you if you recognize them or if you think they are actually malicious code the were injected please!
Here we have the codeas:
1. …/public_html/wp-content/plugins/gp-premium/elements/class-hooks.php
Potential malicious code:
`if ( $this->php && GeneratePress_Elements_Helper::should_execute_php() ) {
ob_start();
eval( ‘?>’ . $content . ‘<?php ‘ ); // phpcs:ignore — Using eval() to execute PHP.
echo ob_get_clean(); // phpcs:ignore — Escaping not necessary.
} else {
echo $content; // phpcs:ignore — Escaping not necessary.
}2. ?…/public_html/wp-content/plugins/gp-premium/hooks/functions/hooks.php
Potential malicious code:
`
if ( ‘true’ == $php && ! defined( ‘GENERATE_HOOKS_DISALLOW_PHP’ ) ) {
eval( “?>$value<?php ” );
} else {
echo $value;
}
}
}Thanks for the help!
Customer Support
Hi there,
that code is fine.
its what GP uses to allow you to add PHP to a GP Hook Element.
You can safely ignore those warnings.super! thank you for your quick support! have a nice day!!
You’re welcome – and you too!
- You must be logged in to reply to this topic.
