id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
10650	eval() in wp-admin/includes/class-pclzip.php should be replaced	Hans Spath	westi	"On some systems eval() is disabled due to security reasons.

In wp-admin/includes/class-pclzip.php eval() is used several times like this:

{{{
      // ----- Call the callback
      // Here I do not use call_user_func() because I need to send a reference to the
      // header.
      eval('$v_result = '.$p_options[PCLZIP_CB_PRE_ADD].'(PCLZIP_CB_PRE_ADD, $v_local_header);');
}}}

It's true that passing references with call_user_func() is a problem, but you can use either
{{{
    $v_result = $p_options[PCLZIP_CB_PRE_ADD] (PCLZIP_CB_PRE_ADD, $v_local_header);
}}}
or
{{{
    $v_result = call_user_func_array($p_options[PCLZIP_CB_PRE_ADD], array(PCLZIP_CB_PRE_ADD, &$v_local_header));
}}}
instead."	defect (bug)	closed	normal	2.9	Administration		normal	fixed		
