usage of Eval

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The next feature release of phpBB 3 will be 3.3/Proteus.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.1. If you need support for phpBB 3.1 please visit the 3.1.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Post Reply
carol1988
Registered User
Posts: 1
Joined: Sat May 05, 2018 1:42 pm

usage of Eval

Post by carol1988 » Fri May 11, 2018 3:09 am

hi, I was making an extension and one of my modules failed to load, and stumbled on this code in functions_module.php

Code: Select all

// @codingStandardsIgnoreStart eval('$is_auth = (int) (' . eval($module_auth); . ');'); // @codingStandardsIgnoreEnd return $is_auth;


Image
but my point is, eval usage should be avoided, no ?

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1775
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: usage of Eval

Post by DavidIQ » Sat May 12, 2018 8:47 pm

Maybe for new code and that depends. That file is several versions old dating back to 3.0. The modules system is something that will be rewritten in the future so that might go away at that point if it's found to not be needed or can be done some other way.
Image

User avatar
JoshyPHP
Registered User
Posts: 358
Joined: Fri Jul 08, 2011 9:43 pm

Re: usage of Eval

Post by JoshyPHP » Sat May 12, 2018 9:28 pm

carol1988 wrote:
Fri May 11, 2018 3:09 am
eval usage should be avoided, no ?
In practice it goes like this:
A: eval() should be avoided()
B: Why?
A: Because it's bad.
B: Why?
A: It's not safe.
B: Why?
A: It can be used to <whatever>
B: How?
A: I don't know.
If you're interested, here's what you should do: find out how eval() is being used, how it could be abused and how it could be replaced.

Post Reply