raamdev
commented
7 years ago This ☝️ was actually incorrect. eval() is still used in many places throughout the codebase for parsing customized templates and for making shortcodes in Simple templates possible.
I'm still reconsidering how we can simplify the codebase to reduce dependency on eval(), but I'm going to close this issue for now and open a separate one when I make a decision on a way forward.
In v161118 we removed the use of
eval()when parsing templates, however we're still requiring that function to be available, which is problomatic for sites that disableeval()for security purposes.I did a quick search through the codebase and I'm not seeing anywhere that
eval()is currently being used, so this should be removed as a requirement for the next update.