Use of insecure eval() function found
46
47 $code = nuProcedure($proc);
48 if ($code != '') {
49 eval($code);
50 return $result;
51 } else {
52 throw new Exception('Unknown Procedure Name');
Use of insecure eval() function found
11 $p = nuProcedure($procedure);
12 $error = '';
13 if ($p != '') {
14 eval($p);
15 if ($error != '') {
16 nuDie($error);
17 }
Use of insecure eval() function found
130 // (If it does not exist, an error will be generated).
131 $p = nuProcedure("DETERMINE_ACCESS_LEVEL_FOR_FIRST_SSO_LOGIN");
132 if ($p != '') {
133 eval($p);
134 if ($error != '') {
135 nuDie($error);
136 }
Use of insecure eval() function found
15
16 $p = nuProcedure('nuBeforeBrowse');
17 if ($p != '') {
18 eval($p);
19 }
20 if (count($_POST['nuErrors']) > 0) {
21 return;
Use of insecure eval() function found
104 if ($recordID != '') {
105 $p = nuProcedure('nuBeforeEdit');
106 if ($p != '') {
107 eval($p);
108 }
109 if (count($_POST['nuErrors']) > 0) {
110 return;
Use of insecure eval() function found
470 if (strpos($p, $functionName) !== false) {
471 $body = nuExtractFunctionBody($functionName, $p);
472 if ($body != null) {
473 eval($body);
474 }
475 }
476 }
Use of insecure eval() function found
442
443 $proc = nuProcedure('NUDEBUGRESULTADDED');
444 if ($proc != '') {
445 eval($proc);
446 }
447
448 return $nuDebugId;
Use of insecure eval() function found
579 $proc = nuProcedure($procName);
580
581 if ($proc) {
582 eval($proc);
583 }
584
585 if (nuHasErrors()) {
Use of insecure eval() function found
537 {
538 $p = nuProcedure('nuBeforeDelete');
539 if ($p != '') {
540 eval($p);
541 }
542 if (nuHasErrors()) {
543 return false;
Use of insecure eval() function found
555 // Global Before Save event
556 $proc = nuProcedure('nuBeforeSave');
557 if ($proc != '') {
558 eval($proc);
559 }
560 if (nuHasErrors()) {
561 return false;
Use of insecure eval() function found
1304 $nudata = $nuDataSet ? $_POST['nudata'] : '';
1305
1306 try {
1307 eval($php);
1308 } catch(Throwable $e) {
1309 nuExceptionHandler($e, $code);
1310 } catch(Exception $e) {
Use of insecure eval() function found
1047 $P = '$sql = "CREATE TABLE '.$tt.' '.$p.'";';
1048 $P .= 'nuRunQuery($sql);';
1049
1050 eval($P);
1051 }
1052 }
1053
Use of insecure eval() function found
1022 if ($x[0] == 'TABLE') {
1023 $P = " nuRunQuery('CREATE TABLE $tt SELECT * FROM $id');;";
1024
1025 eval($P);
1026 }
1027
1028 if ($x[0] == 'SQL') {
Description
The eval() function allows execution of arbitrary PHP code. Executing code dynamically is security-sensitive and should be avoided.
In the past it has led to the following vulnerabilities:
Thus each occurrence of eval() should be audited properly before pushing to production.
Please also ensure that you're not dynamically executing code from untrusted sources (i.e., user input). If you need to do it, run the code in a sandboxed environment, or use libraries like symfony/expression-language, madorin/matex, etc. to compile and evaluate expressions.