markjaquith / feedback

Ask @markjaquith anything!

Eval function not working #74

Closed goldy619 closed 7 years ago

goldy619 commented 7 years ago

hi Mark, I am trying to create a shortcode-based plugin. I am trying to run the PHP code enclosed in the shortcode. The shortcode is working fine, but the eval() that I use in the shortcode handler is throwing a parse error:

Parse error: syntax error, unexpected ‘&’ in XXXXX.php(32) : eval()’d code on line 1

shortcode handler:

```php
// Body of the shortcode handler: evaluates the shortcode content as PHP and
// returns whatever it printed.
if ( is_null( $content ) ) {
    return " ";
} else {
    ob_start();
    eval( $content );
    $evaluated_content = ob_get_contents();
    ob_end_flush(); // closes the buffer AND sends its contents to the client
    return $evaluated_content;
}
```

shortcode usage:

```
[shortcode]echo 'hello';[/shortcode]
```

Please help me out.

If I pass the same code as a string to eval() directly, then it works fine, but when the string is coming from the shortcode, then it gives the parse error.

markjaquith commented 7 years ago

First, I don't recommend using eval(), and definitely not passing it through a shortcode. Anyone who gains access to a Contributor-level account or higher can access arbitrary PHP on your server!

Next, you should be using ob_end_clean(), not ob_end_flush(), as you don't want any output to be echoed.

Next, I'm guessing what's happening is that the single quotes around 'hello' are getting "curled" by WordPress and turned into HTML entities. The & character on those HTML entities is causing a PHP parsing error.
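The three points in the reply above, worked through as an added example that is not code from the issue or from the repository. It runs offline without WordPress: `curl_quotes_like_wordpress()` is an assumed stand-in that mimics only the single-quote curling the reply describes (not the real `wptexturize()`), `capture_output()` shows the `ob_end_clean()` capture pattern, and `safe_shortcode_handler()` with its hypothetical `ALLOWED_RENDERERS` table is one way to let a shortcode body pick behaviour without ever evaluating it as code.

```php
<?php
declare(strict_types=1);

/**
 * Stand-in for the relevant part of wptexturize() (assumption, not the real
 * WordPress function): straight single quotes become curly quotes, emitted
 * as numeric HTML entities. A quote after whitespace or at the start opens,
 * any other quote closes.
 */
function curl_quotes_like_wordpress(string $text): string {
    $text = preg_replace("/(^|\\s)'/", '$1&#8216;', $text);
    return str_replace("'", '&#8217;', $text);
}

/**
 * Run a callback and return what it printed, without letting that output
 * reach the client. ob_end_clean() discards the buffer; ob_end_flush() would
 * both return and echo it, which is the double-output problem in the issue.
 */
function capture_output(callable $fn): string {
    ob_start();
    try {
        $fn();
        return (string) ob_get_contents();
    } finally {
        ob_end_clean();
    }
}

/** Hypothetical fixed set of renderers a shortcode body may select. */
const ALLOWED_RENDERERS = [
    'hello' => 'render_hello',
    'date'  => 'render_date',
];

function render_hello(): void { echo 'hello'; }
function render_date(): void  { echo date('Y-m-d'); }

/**
 * Shortcode handler that never evaluates user-supplied text as PHP. The
 * decoded, trimmed body is looked up in ALLOWED_RENDERERS; anything else
 * renders as an empty string instead of being guessed at or executed.
 */
function safe_shortcode_handler(array $atts, ?string $content): string {
    if ($content === null) {
        return '';
    }
    // Undo entity encoding so a curled body still matches its renderer name.
    $key = strtolower(trim(html_entity_decode(
        strip_tags($content), ENT_QUOTES | ENT_HTML5
    )));
    if (!isset(ALLOWED_RENDERERS[$key])) {
        return '';
    }
    return capture_output(ALLOWED_RENDERERS[$key]);
}

// --- demonstration on constructed input ---------------------------------
$raw = "echo 'hello';";                        // what the author typed
$curled = curl_quotes_like_wordpress($raw);    // what reaches the handler
echo "raw:    $raw\n";
echo "curled: $curled\n";                      // echo &#8216;hello&#8217;;
// The curled string is no longer PHP: the first '&' is the "unexpected '&'"
// token in the parse error quoted in the issue.

// Selecting a renderer by name works whether or not the body was curled.
echo safe_shortcode_handler([], 'hello') . "\n";
echo safe_shortcode_handler([], ' Hello ') . "\n";
// Code in the body is simply not a renderer name and produces nothing.
var_dump(safe_shortcode_handler([], $curled) === '');
```

Run with `php example.php`. The dispatch table is the part that matters: because the shortcode body is only ever used as a lookup key, a Contributor-level author can choose which renderer runs but cannot supply the code that runs.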