MyBB Community Forums

Full Version: Why is MyBB using eval()?
I have a question for MyBB Developers.

Why do you use eval() to parse PHP variables in the templates? And how can you protect the software from malicious code run via eval()?
I took a look at the output_page() and parse_page() functions but I didn't find my answer.

I'm curious.
The templates are scanned upon insertion/revision for malicious code.
Also, templates can only be edited by someone who can access the Admin CP and has the can edit templates permission. If you think someone is going to put undesirable code in your templates, don't give them permission to that module.
(2014-05-23, 11:48 PM) Paul H. wrote: The templates are scanned upon insertion/revision for malicious code.

But where is this scanning located?
mybb root > admin > inc > functions.php and the check_template function
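
The kind of save-time template scan described in this thread, sketched as an added PHP example; it is not MyBB's check_template() and was not posted by anyone above. The function name template_is_unsafe, the allowlist and the sample templates are assumptions constructed for illustration, on the premise that a template ends up evaluated as a PHP double-quoted string.

```php
<?php
// Added illustration, not MyBB's check_template(). Assumption: templates are
// later evaluated as a PHP double-quoted string, so only plain variable
// interpolation may appear inside them.

/**
 * Returns true when the template contains an interpolation that is not on
 * the allowlist and should be rejected before it is saved.
 */
function template_is_unsafe(string $template): bool
{
    // "${" starts PHP's expression-style interpolation: always reject.
    if (preg_match('/\$\s*\{/', $template)) {
        return true;
    }

    $name = '[a-zA-Z_][a-zA-Z_0-9]*';
    // Allowlist: {$var}, {$var['key']}, {$var[0]}, {$obj->prop}, and chains.
    $allowed = '/\{\$' . $name
        . '(?:->' . $name . '|\[(?:\'[a-zA-Z_0-9 ]+\'|[0-9]+)\])*\}/';

    // Remove every allowed interpolation, then look for anything left that
    // still opens a "{$" expression (method calls, nested variables, ...).
    $rest = preg_replace($allowed, '', $template);
    if ($rest === null) {
        return true; // regex engine error: fail closed
    }
    return strpos($rest, '{$') !== false;
}

// Constructed sample templates (not taken from MyBB).
$samples = [
    '<td>{$post[\'subject\']} by {$user->name}</td>', // plain lookups
    '<b>{$lang->welcome}</b> {$rows[0]}',             // plain lookups
    '<p>{$obj->method()}</p>',                        // method call
    '<p>${title}</p>',                                // "${" form
    '<p>{$a[$b]}</p>',                                // nested variable
];
foreach ($samples as $t) {
    printf("%-7s %s\n", template_is_unsafe($t) ? 'REJECT' : 'accept', $t);
}
```

The first two samples are accepted and the last three are rejected. A scan like this complements, and does not replace, restricting who holds the template-editing permission.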