Use of insecure eval() function found
46
47 $code = nuProcedure($proc);
48 if ($code != '') {
49 eval($code);
50 return $result;
51 } else {
52 throw new Exception('Unknown Procedure Name');
Use of insecure eval() function found
11 $p = nuProcedure($procedure);
12 $error = '';
13 if ($p != '') {
14 eval($p);
15 if ($error != '') {
16 nuDie($error);
17 }
Use of insecure eval() function found
130 // (If it does not exist, an error will be generated).
131 $p = nuProcedure("DETERMINE_ACCESS_LEVEL_FOR_FIRST_SSO_LOGIN");
132 if ($p != '') {
133 eval($p);
134 if ($error != '') {
135 nuDie($error);
136 }
Use of insecure eval() function found
15
16 $p = nuProcedure('nuBeforeBrowse');
17 if ($p != '') {
18 eval($p);
19 }
20 if (count($_POST['nuErrors']) > 0) {
21 return;
Use of insecure eval() function found
104 if ($recordID != '') {
105 $p = nuProcedure('nuBeforeEdit');
106 if ($p != '') {
107 eval($p);
108 }
109 if (count($_POST['nuErrors']) > 0) {
110 return;
Use of insecure eval() function found
470 if (strpos($p, $functionName) !== false) {
471 $body = nuExtractFunctionBody($functionName, $p);
472 if ($body != null) {
473 eval($body);
474 }
475 }
476 }
Use of insecure eval() function found
468
469 $proc = nuProcedure('NUDEBUGRESULTADDED');
470 if ($proc != '') {
471 eval($proc);
472 }
473
474 return $nuDebugId;
Use of insecure eval() function found
543 {
544 $p = nuProcedure('nuBeforeDelete');
545 if ($p != '') {
546 eval($p);
547 }
548 if (nuHasErrors()) {
549 return false;
Use of insecure eval() function found
557 // Global Before Save event
558 $proc = nuProcedure('nuBeforeSave');
559 if ($proc != '') {
560 eval($proc);
561 }
562 if (nuHasErrors()) {
563 return false;
Use of insecure eval() function found
581 $proc = nuProcedure($procName);
582
583 if ($proc) {
584 eval($proc);
585 }
586
587 if (nuHasErrors()) {
Use of insecure eval() function found
1304 $nudata = $nuDataSet ? $_POST['nudata'] : '';
1305
1306 try {
1307 eval($php);
1308 } catch(Throwable $e) {
1309 nuExceptionHandler($e, $code);
1310 } catch(Exception $e) {
Use of insecure eval() function found
1047 $P = '$sql = "CREATE TABLE '.$tt.' '.$p.'";';
1048 $P .= 'nuRunQuery($sql);';
1049
1050 eval($P);
1051 }
1052 }
1053
Use of insecure eval() function found
1022 if ($x[0] == 'TABLE') {
1023 $P = " nuRunQuery('CREATE TABLE $tt SELECT * FROM $id');;";
1024
1025 eval($P);
1026 }
1027
1028 if ($x[0] == 'SQL') {
Description
The eval() function allows execution of arbitrary PHP code. Executing code dynamically is security-sensitive and should be avoided.
In the past, it has led to the following vulnerabilities:
Thus, each occurrence of eval() should be audited properly before pushing to production.
Please also ensure that you're not dynamically executing code from untrusted sources (i.e., user input). If you need to do it, run the code in a sandboxed environment, or use libraries like symfony/expression-language, madorin/matex, etc. to compile and evaluate expressions.