[pmwiki-devel] eval function

The Editor editor at fast.st
Tue Dec 12 22:17:10 CST 2006


It was pointed out a line like the following can open a security vulnerability

 eval("ZAP$mod('" . $field . "', '" . $value . "');");

as someone could enter "foo'); do-something-nasty(); print(' for the
user supplied value field, and that it should be "escaped".  Could
someone explain how to do this, as I really need this line of code to
automatically detect and activate zap modules.

Thanks again to Stefan for help in pointing this out.

Cheers,
Dan
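
One way to keep the automatic module dispatch without evaluating user-supplied text as PHP, as an added example that is not code from the post or from ZAP itself: validate the module name, check that the function exists, and pass $field and $value as real arguments so they can only ever be data. The ZAPdemo function and the sample input are constructed for the example; the names $mod, $field and $value are taken from the post.

```php
<?php
// Added example (not from the original post): dispatching to a ZAP module
// without eval(). ZAPdemo is a constructed stand-in for a real module.

function ZAPdemo($field, $value) {
    return "demo received field=[$field] value=[$value]";
}

// The line from the post, for contrast. User input is spliced into PHP
// source text, so quote characters in $value change the code that runs.
//   eval("ZAP$mod('" . $field . "', '" . $value . "');");

// Hardened form: the only thing that influences *which* code runs is the
// module name, and that is restricted to a plain identifier and to
// functions that are actually defined. $field and $value are passed as
// ordinary arguments and are never parsed as code, whatever they contain.
function zap_dispatch($mod, $field, $value) {
    // Assumption: module names are plain identifiers (letters, digits, _).
    if (!is_string($mod) || !preg_match('/^[A-Za-z0-9_]+$/', $mod)) {
        return false;   // reject: not a well-formed module name
    }
    $func = 'ZAP' . $mod;
    if (!function_exists($func)) {
        return false;   // reject: no such module has been loaded
    }
    return call_user_func($func, $field, $value);
}

// Constructed sample input in the shape the post describes: a value that
// carries quotes and parentheses. With eval() this would alter the code;
// here it is just a string handed to the module unchanged.
$hostile = "foo'); do_something_nasty(); print('";

echo zap_dispatch('demo', 'name', $hostile), "\n";
// prints: demo received field=[name] value=[foo'); do_something_nasty(); print(']

var_dump(zap_dispatch("demo'); bad(); print('", 'name', 'x')); // bool(false)
var_dump(zap_dispatch('nosuchmodule', 'name', 'x'));          // bool(false)
```

The same check can be applied when the module name is derived from a form field name, since function_exists() also limits dispatch to modules that were really included.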


