Tim Starling <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #14 from Tim Starling <> 2010-12-08 06:06:54 
UTC ---
Deployed now. 

Note that the effect of create_function() is to create a global function with a
random name and to return the name. Calling it in a loop will eventually use up
all memory, because there is no way to delete global functions once they are
created. For this reason alone, it shouldn't be used. But it is also slow,
requiring a parse operation that is uncached by APC, and it's insecure in the
sense that eval() is insecure: construction of PHP code can easily lead to
arbitrary execution if user input is included in the code.

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Wikibugs-l mailing list

Reply via email to