Jump to content

Recommended Posts

I'm trying repair a WordPress plugin called 'php-execution' to run in php 7 and in the latest WordPress software.

 

This error is displayed: 'preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead'.

So I've tried to convert the following code to use preg_replace_callback without much luck.

if(wp_default_editor() != 'html')
	{
	$content = preg_replace (
		'#<\?php([\s\S]*?)\?>#ie', 
		'\'<img src="\' . PHP_EXECUTION_BASE_URL . \'/assets/trans.gif" class="mceWpPHP mceItemNoResize" title="php" alt="\' . base64_encode(stripslashes(\'\\0\')) . \'" />\'',
		$content
		);
		}
		
return $content;
}

Can anyone help me to convert preg_replace to preg_replace_callback?

Thanks

shiningtor

 

 

Get rid of the plugin.

 

Allowing arbitrary code execution within posts is already a shitty idea. But doing it with an obscure plugin that seems to have been published somewhere in 2009 and never updated since is suicidal.

 

How about setting up a proper, secure Wordpress installation? It's really not that hard.

Hi. The WordPress sites I use the php-execution-plugin on are completely closed systems. Only I have access to them. How is this plugin insecure?  I can see that this plugin would be insecure if I allowed commenting and users to add page etc. But I don't. 

Thanks

shiningtor

The WordPress ecosystem is infamous for its lack of security and has almost 1,000 entries in the CVE vulnerability database, not to mention the long history of high-profile attacks. And given your attitude towards security, it's hard to believe that you're running a carefully hardened server. This is anything but a “completely closed system”.

 

A single SQL injection or cross-site scripting or cross-site request forgery attack can be suffient to inject code into a post. And once that's done, the attacker has direct access to your server.

Edited by Jacques1
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.