问题
I am using the WPAlchemy MetaBox PHP Class in my wordpress theme for some custom post types. Problem appears when I run the Theme-Check:
WARNING: Found eval in the file inc/metaboxes/MediaAccess.php. eval() is not allowed..
Line 375: data = eval('(' + (data.indexOf('{') < 0 ? '{' + data + '}' : data) + ')');
I don't know why this is coming up, as line 375 is JavaScript enclosed in: CDATA
See below excerpt from MediaAccess.php
// include javascript for special functionality
?><script type="text/javascript">
/* <![CDATA[ */
var interval = null;
var data = $(this).attr('class').match(/({.*})/i);
data = (data && data[1]) ? data[1] : '' ;
data = eval("(" + (data.indexOf('{') < 0 ? '{' + data + '}' : data) + ")");
/* ]]> */
</script><?php
I want to submit this theme to the wordpress directory but they don't allow it with this error :/
回答1:
Try $.parseJSON(data.indexOf('{') < 0 ? '{' + data + '}' : data)
eval is evil
回答2:
You definitely shouldn't be using eval as it's potentially a serious security problem. See this1, this2, this3, this4, this5 or this6.
Just rewrite your code in a way that eval is not needed.
回答3:
If you had to use eval something went wrong. There should be no real situation to use eval that can't be properly implemented with best practice.
回答4:
You could use: "ev"."al" as it is scanning your file for "eval". But wether the use of eval is good, is an other question.
来源:https://stackoverflow.com/questions/13036246/eval-is-not-allowed