vip-scanner icon indicating copy to clipboard operation
vip-scanner copied to clipboard

Published 20 hours ago verified publisher icon Automattic

Insufficient regular expressions in checks

Open ockham opened this issue 10 years ago • 0 comments

This:

<?php
/**/eval('echo "I am evil\n";');
;eval('echo "Me too\n";');
?>

isn't detected by ForbiddenPHPFunctionsCheck. The same regular expressions are also used in some other [Forbidden|Deprecated][Functions|Constants]Checks, so one could e.g. also do

$plugindir =PLUGINDIR;
echo $plugindir;

We need tests to cover this, and a proper tokenizer or parser instead of regular expressions.

ockham avatar Nov 10 '14 22:11 ockham