Jamie Pratt added a comment - 11/Jul/08 12:09 PM
We would have to consider this very carefully. Haven't looked in detail at the code yet but I don't think we need to use eval here do we? This could be a potential security hole. Better not to use eval even if the data is not coming from the user / browser IMHO.
I have taken for example the "exportValue" and "_prepareValue" of the HTML_QuickForm_element class (in "lib\pear\HTML\QuickForm\element.php" file) which use eval.
After reading the 'Guidelines for contributed code', I have put this issue in "Add a project here" of the "contrib" project.
Excuse me for my ignorance. Perhaps someone can delete this one.
Best regards,
Matthieu