CleanTalk plugin reports s2Member PHP code as 'dangerous'

I installed CleanTalk’s security plugin and it has reported two s2Member files during a Malware scan. This is the warning:

"These files may not contain malicious code but they use very dangerous PHP functions and constructions! PHP developers don’t recommend to use such code besides it looks very suspicious.

Failed files: 2

| Path | Modify time | MD5 Hash | Plugin |
| --- | --- | --- | --- |
| /wp-content/plugins/s2member-pro/src/includes/classes/gateways/ccbill/ccbill-button-in.inc.php | Apr 14 2020 18:02:53 | 75756a016a404b04ee814d306a8c880f | - |
| /wp-content/plugins/s2member-pro/src/includes/classes/user-drip-access.inc.php | Apr 14 2020 18:02:46 | 9aff17aab3f1a258df3c7afe4df41ce2 | - |

Just wondering how risky this is?

Kind regards
Brian

On a quick glance through the code the only thing that jumps out is the use of eval().

That’s a standard security plugin nag… “eval() is Evil”. Doesn’t mean it is not safe code. That’s why they say “may not”.

I have looked at the two eval calls and they appear to me to be benign. Uselessly “clever” but benign.

@clavaque - in the next release can you look to replace these two eval() calls so that navel-gazing security plugins don’t false flag a problem?

Thanks @brianv2v1 for flagging this. Replacing the eval() calls won’t make the code safer but it’s usually good in the long run to eliminate security plugin nags 🙂

Thanks for your comments Tim. I half expected it to be over-caution on the part of CleanTalk but I second the view that a tweaking of the code in an update would be a good idea!
Stay safe
Brian

I have exactly the same problem. For both suspicious lines, CleanTalk offers a possibility to “Approve” them. Should I do that?
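
A check that can be run before approving either file in the scanner, as an added example that is not part of the thread or of either plugin's code: compare each flagged file byte for byte with the same file from a fresh copy of the installed release. The function names, the directory layout and the sample file contents are assumptions constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example, not CleanTalk's or s2Member's code.
# Assumption: the reference tree was unpacked from a fresh vendor download
# of the same release that is installed on the site.

# verify_flagged INSTALLED_ROOT REFERENCE_ROOT REL_PATH...
# Prints one status line per path; returns 0 only if every file matches.
verify_flagged() {
  installed=$1; reference=$2; rc=0
  shift 2
  for rel in "$@"; do
    if [ ! -f "$reference/$rel" ]; then
      echo "NO-REFERENCE $rel"; rc=1   # path is not part of the release
    elif [ ! -f "$installed/$rel" ]; then
      echo "MISSING      $rel"; rc=1
    elif cmp -s "$installed/$rel" "$reference/$rel"; then
      echo "MATCH        $rel"         # identical to the vendor copy
    else
      echo "MODIFIED     $rel"; rc=1   # differs from the vendor copy
    fi
  done
  return "$rc"
}

# make_sample DIR: build constructed demo trees (file contents are made up).
make_sample() {
  mkdir -p "$1/installed/gw" "$1/reference/gw"
  echo '<?php /* vendor code using eval() */' > "$1/reference/gw/button.inc.php"
  cp "$1/reference/gw/button.inc.php" "$1/installed/gw/button.inc.php"
  echo '<?php /* vendor code */' > "$1/reference/drip.inc.php"
  echo '<?php /* vendor code */ /* altered line */' > "$1/installed/drip.inc.php"
}

if [ "$#" -eq 0 ]; then
  # No arguments: run the demo on the constructed trees.
  tmp=$(mktemp -d); make_sample "$tmp"
  verify_flagged "$tmp/installed" "$tmp/reference" gw/button.inc.php drip.inc.php \
    || echo "=> at least one flagged file differs from the reference"
  rm -rf "$tmp"
else
  verify_flagged "$@"
fi
```

A `MATCH` only shows the file is the one the vendor shipped, so the scanner is reacting to the vendor's own `eval()` use; a `MODIFIED` or `NO-REFERENCE` result means the file should be inspected rather than approved.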