Use of insecure eval() function found
46
47 $code = nuProcedure($proc);
48 if ($code != '') {
49 eval($code);50 return $result;
51 } else {
52 throw new Exception('Unknown Procedure Name');
Use of insecure eval() function found
11 $p = nuProcedure($procedure);
12 $error = '';
13 if ($p != '') {
14 eval($p);15 if ($error != '') {
16 nuDie($error);
17 }
Use of insecure eval() function found
132 // (If it does not exist, an error will be generated).
133 $p = nuProcedure("DETERMINE_ACCESS_LEVEL_FOR_FIRST_SSO_LOGIN");
134 if ($p != '') {
135 eval($p);136 if ($error != '') {
137 nuDie($error);
138 }
Use of insecure eval() function found
470 if (strpos($p, $functionName) !== false) {
471 $body = nuExtractFunctionBody($functionName, $p);
472 if ($body != null) {
473 eval($body); 474 }
475 }
476 }
Use of insecure eval() function found
15
16 $p = nuProcedure('nuBeforeBrowse');
17 if ($p != '') {
18 eval($p); 19 }
20 if (count($_POST['nuErrors']) > 0) {
21 return;
Use of insecure eval() function found
104 if ($recordID != '') {
105 $p = nuProcedure('nuBeforeEdit');
106 if ($p != '') {
107 eval($p); 108 }
109 if (count($_POST['nuErrors']) > 0) {
110 return;
Use of insecure eval() function found
469
470 $proc = nuProcedure('NUDEBUGRESULTADDED');
471 if ($proc != '') {
472 eval($proc);473 }
474
475 return $nuDebugId;
Use of insecure eval() function found
543{
544 $p = nuProcedure('nuBeforeDelete');
545 if ($p != '') {
546 eval($p);547 }
548 if (nuHasErrors()) {
549 return false;
Use of insecure eval() function found
557 // Global Before Save event
558 $proc = nuProcedure('nuBeforeSave');
559 if ($proc != '') {
560 eval($proc);561 }
562 if (nuHasErrors()) {
563 return false;
Use of insecure eval() function found
581 $proc = nuProcedure($procName);
582
583 if ($proc) {
584 eval($proc);585 }
586
587 if (nuHasErrors()) {
Use of insecure eval() function found
1313 $nudata = $nuDataSet ? $_POST['nudata'] : '';
1314
1315 try {
1316 eval($php);1317 } catch(Throwable $e) {
1318 nuExceptionHandler($e, $code);
1319 } catch(Exception $e) {
Use of insecure eval() function found
1056 $P = '$sql = "CREATE TABLE '.$tt.' '.$p.'";';
1057 $P .= 'nuRunQuery($sql);';
1058
1059 eval($P);1060 }
1061}
1062
Use of insecure eval() function found
1032 if ($x[0] == 'TABLE') {
1033 $P = " nuRunQuery('CREATE TABLE $tt SELECT * FROM $id');;";
1034
1035 eval($P);1036 }
1037
1038 if ($x[0] == 'SQL') {
Description
The eval() function allows execution of arbitrary PHP code. Executing code dynamically is security-sensitive and should be avoided.
In the past, it has led to vulnerabilities. Each occurrence of eval() should therefore be audited properly before pushing to production.
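Please also ensure that you are not dynamically executing code from untrusted sources, such as user input. If you need to do that, run the code in a sandboxed environment, or use a library like symfony/expression-language or madorin/matex to compile and evaluate expressions. In the occurrences listed above, the evaluated string is, for example, the return value of nuProcedure() or a string assembled from variables such as $tt, $p and $id, so the audit should establish who is able to write to those values. Where those variables are concatenated into a CREATE TABLE statement, they reach the SQL query as well as the evaluated PHP, so both contexts need to be checked.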