• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
eval code injection

#1
Hi all

If I disabled eval function in \system\core\Loader.php in CI (v3.1.10) will it affect any area in the application as eval is vulnerable to code injection

Any help would be appreciated.

Thank you.
Reply

#2
You can disable eval() (in you php.ini) without any issue, as long as you have programmed your application without short tags.

PHP Code:
/*
|--------------------------------------------------------------------------
| Rewrite PHP Short Tags
|--------------------------------------------------------------------------
|
| If your PHP installation does not have short tag support enabled CI
| can rewrite the tags on-the-fly, enabling you to utilize that syntax
| in your view files.  Options are TRUE or FALSE (boolean)
|
| Note: You need to have eval() enabled for this to work.
|
*/
$config['rewrite_short_tags'] = FALSE
Reply

#3
Thanks!
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.