Joomla! Issue Tracker | Joomla! CMS #1236 - Removing eval() from JDocumentHTML->countModules

Closed
4 Jun 2013
Medium
Build: master
# 1236
Diff
Bakual:patch-1
Foreign ID 31081

Success

Success default The Travis CI build passed Details

User tests: Successful: Unsuccessful:

Bakual
4 Jun 2013

Removing an unneeded eval() call in the countModules function.

Since it's the only place Joomla uses an eval() call, removing it would allow to disable eval() on server level for added security.

Tracker:
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=31081

51a9126 4 Jun 2013

Removing eval() from JDocumentHTML->countModules

Bakual - open - 4 Jun 2013

Bakual - close - 4 Jun 2013

Bakual - comment - 4 Jun 2013

Aww, forget it.
The eval() is there to support 'and' or 'or' operators. I think there should be a better (and saver) way than to use eval but need to think about it.

Bakual - head_ref_deleted - 4 Jun 2013

realityking - comment - 4 Jun 2013

We've deprecated that behavior in the platform for this very reason but it hasn'tbenn merged to the CMS. I suggest doing that.

Bakual - comment - 4 Jun 2013

I see. Deprecate operators and removing it (with Joomla 4.x) would indeed be the best way, as it's very easy to make the same checks within the template.

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#1236] - Removing eval() from JDocumentHTML->countModules

Add a Comment