rollbar / rollbar-php-wordpress

Official WordPress plugin from Rollbar, Inc.
https://rollbar.com/
GNU General Public License v2.0

Missing check in IF statement in buildPHPConfig in Plugin.php #106

Closed therealgilles closed 2 years ago

therealgilles commented 2 years ago

On the following line: https://github.com/rollbar/rollbar-php-wordpress/blob/6c33742d9f752749969ea07de20b2569881f7947/src/Plugin.php#L323

I believe there is a missing check as follows:

// if (isset($config[$setting])) {
if (isset($config[$setting]) && 'person_fn' !== $setting) {

danielmorell commented 2 years ago

There is a lot that needs help in that little block of code. The whole eval() thing needs to go away. The way it was initially implemented is a little bit of a footgun. The scary thing is that I'm not entirely sure person_fn was meant to be excluded.

danielmorell commented 2 years ago

I am going to close this issue for now. We will be addressing the greater problem this line is a part of in an upcoming release.