Package: phpmyadmin
Version: 4:2.9.1.1-3
Severity: wishlist

Heya,

in

phpmyadmin/libraries/Config.class.php
line 377 and 380

phpmyadmin uses eval to evaluate the contents of a
config file. There're several reasons to avoid this:
 * eval is evil, especially in languages like php
 * there're enough ways to read a config file without using eval
   (yes, eval makes things simple - and too often pretty bad)
 * it's the last web application that stops me from adding
   suhosin.executor.disable_eval = On
   to my php config.

It would be great if there were a better implementation in the next
version, in favour of better security.


Thanks a lot,


Bernd
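
An added example, not part of the original report and not phpMyAdmin's code: one way to load a PHP-syntax config file without eval(), so that suhosin.executor.disable_eval can stay on. It assumes the config file populates a $cfg array, that PHP 7 or later is in use (for ParseError), and that loadConfig() is a hypothetical helper name.

```php
<?php
// Added example: read a PHP-syntax config file without eval().
// Assumptions: the file populates a $cfg array; loadConfig() is hypothetical.
// include still executes the file, so it must be trusted and not writable
// by other users; the permission check below enforces the second part.
function loadConfig(string $path): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real) || !is_readable($real)) {
        throw new RuntimeException("config file not readable: $path");
    }
    if ((fileperms($real) & 0002) !== 0) {
        throw new RuntimeException("config file is world-writable: $real");
    }

    // The closure gives the included file its own variable scope, so it
    // cannot overwrite variables of the calling code.
    $load = static function (string $file): array {
        $cfg = [];
        ob_start();              // swallow stray output (BOM, whitespace)
        try {
            include $file;
        } finally {
            ob_end_clean();
        }
        return (isset($cfg) && is_array($cfg)) ? $cfg : [];
    };

    try {
        return $load($real);
    } catch (ParseError $e) {
        // A broken config becomes a catchable error instead of a fatal one.
        throw new RuntimeException(
            'syntax error in config at line ' . $e->getLine(), 0, $e
        );
    }
}

// Constructed sample config, written to a temp file for the demonstration.
$tmp = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($tmp, "<?php\n\$cfg['Servers'][1]['host'] = 'localhost';\n");
chmod($tmp, 0600);
$cfg = loadConfig($tmp);
unlink($tmp);
var_dump($cfg['Servers'][1]['host']);
```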

