Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suspicious function found In class-utility.php By Defender #300

Closed
Issa2M opened this issue Sep 24, 2018 · 3 comments
Closed

Suspicious function found In class-utility.php By Defender #300

Issa2M opened this issue Sep 24, 2018 · 3 comments
Assignees
@antonkorotkov
Labels
type/enhancement
Milestone
v2.2.0

Comments

@Issa2M
Copy link

Issa2M commented Sep 24, 2018

Hello, I got message from Defender Pro

There’s some suspicious looking code in the file wp-content/plugins/wp-stateless/vendor/usabilitydynamics/lib-utility/lib/class-utility.php. If you know the code is harmless you can ignore this warning. Otherwise, you can choose to delete this file. Before deleting any files from your site directory, we recommend backing up your website.

The Code is in line 2532
array_walk_recursive( $arr, create_function( '&$item, $key', 'if (is_string($item)) $item = mb_encode_numericentity($item, array (0x80, 0xffff, 0, 0xffff), "UTF-8");' ) );

May I ask Is it your code ? And Is it safe or not?

Best Regards

And Thank you for awsome plugin
@alimuzzaman
Copy link
Contributor

@Issa2M
Yes, it's our code and safe to use.

The warning was shown because of the create_function, it's deprecated and uses eval() internally.

Will replace them with separate or anonymous function in the future.

@ewsopp Set a milestone.

@Issa2M
Copy link
Author

Issa2M commented Sep 24, 2018

Good Thank You :)

@oceandigital
Copy link

@Issa2M
Yes, it's our code and safe to use.

The warning was shown because of the create_function, it's deprecated and uses eval() internally.

Will replace them with separate or anonymous function in the future.

@ewsopp Set a milestone.

Hello, could you please also make this change for all the wp-property plugins as well?

/vendor/usabilitydynamics/lib-utility/lib/class-utility.php is in every plugin you make and they are all flagged as suspicious by Defender. Is it possible to just comment out the code for each file until updates are made like this:

// array_walk_recursive( $arr, create_function( '&$item, $key', 'if (is_string($item)) $item = mb_encode_numericentity($item, array (0x80, 0xffff, 0, 0xffff), "UTF-8");' ) );

?

@ewsopp ewsopp added this to the v2.2.0 milestone Dec 21, 2018
@ewsopp ewsopp assigned alimuzzaman and unassigned ewsopp Dec 21, 2018
alimuzzaman pushed a commit to udx/lib-wp-theme that referenced this issue Jan 6, 2019
Updated create_function to anonymous function.
e1a4bf7 
Related issue udx/wp-stateless#300
@ewsopp ewsopp assigned antonkorotkov and unassigned alimuzzaman Jan 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@antonkorotkov antonkorotkov

Labels
type/enhancement
Projects
None yet
Milestone
v2.2.0
Development

No branches or pull requests
5 participants
@antonkorotkov @ewsopp @alimuzzaman @oceandigital @Issa2M