Ticket #802 (closed defect: invalid)

Opened 9 months ago

Last modified 9 months ago

PradoBase createCompenent fix:

Reported by: jake Owned by: xue
Priority: high Milestone: 3.1.2
Component: Prado Framework v3 Version: 3.1
Severity: tweak Keywords:
Cc:

Description

This part of the code isn't exactly broken but its using eval which should really never be used.

Under the static method createComponent() where eval is used like so...

eval("\$component=new $type($s);");

That could be changed to...

$component=new $type($s);

The code is now even simpler and reduces the security risk that eval imposes of running PHP code.

Regards, - jake

Change History

Changed 9 months ago by durgis

Good call Jake, I always thought the use of eval there seemed inappropriate.

Brad

Changed 9 months ago by xue

  • status changed from new to closed
  • resolution set to invalid
  • milestone set to 3.1.2

We use eval() here to allow passing parameters to constructor. Your change is not correct. If you can come up with an approach that avoids using eval(), it will be great!

Note: See TracTickets for help on using tickets.