Use of insecure eval() function found
46
47 $code = nuProcedure($proc);
48 if ($code != '') {
49 eval($code);50 return $result;
51 } else {
52 throw new Exception('Unknown Procedure Name');
Use of insecure eval() function found
11 $p = nuProcedure($procedure);
12 $error = '';
13 if ($p != '') {
14 eval($p);15 if ($error != '') {
16 nuDie($error);
17 }
Use of insecure eval() function found
132 // (If it does not exist, an error will be generated).
133 $p = nuProcedure("DETERMINE_ACCESS_LEVEL_FOR_FIRST_SSO_LOGIN");
134 if ($p != '') {
135 eval($p);136 if ($error != '') {
137 nuDie($error);
138 }
Use of insecure eval() function found
15
16 $p = nuProcedure('nuBeforeBrowse');
17 if ($p != '') {
18 eval($p); 19 }
20 if (count($_POST['nuErrors']) > 0) {
21 return;
Use of insecure eval() function found
104 if ($recordID != '') {
105 $p = nuProcedure('nuBeforeEdit');
106 if ($p != '') {
107 eval($p); 108 }
109 if (count($_POST['nuErrors']) > 0) {
110 return;
Use of insecure eval() function found
470 if (strpos($p, $functionName) !== false) {
471 $body = nuExtractFunctionBody($functionName, $p);
472 if ($body != null) {
473 eval($body); 474 }
475 }
476 }
Use of insecure eval() function found
469
470 $proc = nuProcedure('NUDEBUGRESULTADDED');
471 if ($proc != '') {
472 eval($proc);473 }
474
475 return $nuDebugId;
Use of insecure eval() function found
543{
544 $p = nuProcedure('nuBeforeDelete');
545 if ($p != '') {
546 eval($p);547 }
548 if (nuHasErrors()) {
549 return false;
Use of insecure eval() function found
557 // Global Before Save event
558 $proc = nuProcedure('nuBeforeSave');
559 if ($proc != '') {
560 eval($proc);561 }
562 if (nuHasErrors()) {
563 return false;
Use of insecure eval() function found
581 $proc = nuProcedure($procName);
582
583 if ($proc) {
584 eval($proc);585 }
586
587 if (nuHasErrors()) {
Use of insecure eval() function found
1328 $nudata = $nuDataSet ? $_POST['nudata'] : '';
1329
1330 try {
1331 eval($php);1332 } catch(Throwable $e) {
1333 nuExceptionHandler($e, $code);
1334 } catch(Exception $e) {
Use of insecure eval() function found
1071 $P = '$sql = "CREATE TABLE '.$tt.' '.$p.'";';
1072 $P .= 'nuRunQuery($sql);';
1073
1074 eval($P);1075 }
1076}
1077
Use of insecure eval() function found
1047 if ($x[0] == 'TABLE') {
1048 $P = " nuRunQuery('CREATE TABLE $tt SELECT * FROM $id');;";
1049
1050 eval($P);1051 }
1052
1053 if ($x[0] == 'SQL') {
Description
eval()
function allows execution of an arbitrary PHP code. Executing code dynamically is security-sensitive and should be avoided.
In past it has led to the following vulnerabilities:
Thus usage of each occurrence of eval()
should be audited properly before pushing to production.
Please also ensure that you're not dynamically executing code from untrusted sources (i.e., user input). If you need to do it, run the code in a sandboxed environment, or, you can use libraries like symfony/expression-language, madorin/matex, etc. to compile and evaluate expressions.