CodeIgniter Forums
eval code injection - Printable Version


eval code injection - az1409 - 04-23-2020

Hi all

If I disable the eval function in \system\core\Loader.php in CI (v3.1.10), will it affect any area of the application? I ask as eval is vulnerable to code injection.

Any help would be appreciated.

Thank you.


RE: eval code injection - jreklund - 04-23-2020

You can disable eval() (in your php.ini) without any issue, as long as you have programmed your application without short tags.

PHP Code:
/*
|--------------------------------------------------------------------------
| Rewrite PHP Short Tags
|--------------------------------------------------------------------------
|
| If your PHP installation does not have short tag support enabled CI
| can rewrite the tags on-the-fly, enabling you to utilize that syntax
| in your view files.  Options are TRUE or FALSE (boolean)
|
| Note: You need to have eval() enabled for this to work.
|
*/
$config['rewrite_short_tags'] = FALSE;
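
An added example, not part of the thread and not CodeIgniter's own code: a Python audit of the two things the reply above ties to eval(), namely whether rewrite_short_tags is set to TRUE and whether any view file uses short tags. The application layout (views/ and config/config.php under one directory), the function names and the sample files are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# "<?=" echo tag, or a bare "<?" that is not "<?php" or "<?xml".
SHORT_TAG = re.compile(r"<\?(=|(?!php\b|xml\b))", re.IGNORECASE)
# The assignment as it appears in config.php (docblock lines start with "|").
REWRITE_SETTING = re.compile(
    r"^\s*\$config\[\s*['\"]rewrite_short_tags['\"]\s*\]\s*=\s*(\w+)",
    re.IGNORECASE | re.MULTILINE)

def find_short_tags(source):
    """Return (line_number, tag) for each short open tag in a view file."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        for match in SHORT_TAG.finditer(line):
            hits.append((number, "<?=" if match.group(1) == "=" else "<?"))
    return hits

def rewrite_enabled(config_source):
    """True if config.php assigns TRUE to $config['rewrite_short_tags']."""
    match = REWRITE_SETTING.search(config_source)
    return bool(match) and match.group(1).upper() == "TRUE"

def audit(app_dir):
    """Check <app_dir>/config/config.php and every view under <app_dir>/views."""
    app = Path(app_dir)
    views = {}
    for view in sorted((app / "views").rglob("*.php")):
        hits = find_short_tags(view.read_text(encoding="utf-8", errors="replace"))
        if hits:
            views[view.relative_to(app).as_posix()] = hits
    config = (app / "config" / "config.php").read_text(encoding="utf-8")
    return {"rewrite_short_tags": rewrite_enabled(config), "short_tag_views": views}

def demo():
    """Run the audit over a small constructed application tree."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp)
        (app / "views").mkdir()
        (app / "config").mkdir()
        (app / "config" / "config.php").write_text(
            "<?php\n$config['rewrite_short_tags'] = FALSE;\n", encoding="utf-8")
        (app / "views" / "ok.php").write_text(
            "<h1><?php echo $title; ?></h1>\n", encoding="utf-8")
        (app / "views" / "legacy.php").write_text(
            "<h1><?= $title ?></h1>\n<? foreach ($rows as $r): ?>\n", encoding="utf-8")
        return audit(app)

if __name__ == "__main__":
    print(demo())
```

An empty short_tag_views result together with rewrite_short_tags reported as False is the state the reply describes as safe for disabling eval().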



RE: eval code injection - az1409 - 05-02-2020

Thanks!