CleanTalk plugin reports S2member PHP code as 'dangerous'

I installed CleanTalk’s security plugin and it has reported two s2Member files during a Malware scan. This is the warning:

"These files may not contain malicious code but they use very dangerous PHP functions and constructions! PHP developers don’t recommend to use such code besides it looks very suspicious.

Failed files: 2

Path Modify time MD5 Hash Plugin
/wp-content/plugins/s2member-pro/src/includes/classes/gateways/ccbill/ Apr 14 2020 18:02:53 75756a016a404b04ee814d306a8c880f -
/wp-content/plugins/s2member-pro/src/includes/classes/ Apr 14 2020 18:02:46 9aff17aab3f1a258df3c7afe4df41ce2 -

Just wondering how risky this is?

Kind regards

1 Like

On a quick glance through the code the only thing that jumps out is the use of eval().

That’s a standard security plugin nag…“eval() is Evil”. Doesn’t mean it is not safe code. That’s why they say “may not”.

I have looked at the two eval calls and they appear to me to be benign. Uselessly “clever” but benign.

@clavaque - in the next release can you look to replace these two eval() calls so that navel-gazing security plugins don’t false flag a problem.

Thanks @brianv2v1 for flagging this. Replacing the eval() calls won’t make the code safer but it’s usually good in the long run to eliminate security plugin nags :slight_smile:

1 Like

Thanks for your comments Tim. I half expected it to be over caution on the part of CleanTalk but I second the view that a tweaking of the code in an update would be a good idea!
Stay safe Brian

I have exactly the same problem. For both suspicious lines, CleanTalk offers a possibility to “Approve” them. Should I do that?