Title: Defender checks suspicious function
Last modified: July 3, 2019

---

# Defender checks suspicious function

 *  Resolved [biskootz](https://wordpress.org/support/users/biskootz/)
 * (@biskootz)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/defender-checks-suspicious-function/)
 * Hi,
 * I have [Defender](https://premium.wpmudev.org/project/wp-defender/) plugin installed
   in my web. After scanning, the plugin shown several issues as below from your
   plugin file: wp-crontrol/wp-crontrol.php. Just want to confirm whether these 
   checks are false so I can safely ignore the issues.
 *     ```
       The function eval called at line 68 column 3, which should be avoided whenever possible.
   
       The function extract line 87 column 4 execute using unsanitize user inputs
   
       The function extract line 107 column 4 execute using unsanitize user inputs
   
       The function extract line 128 column 4 execute using unsanitize user inputs
   
       The function extract line 152 column 4 execute using unsanitize user inputs
       ```
   
 * Thanks
    -  This topic was modified 6 years, 11 months ago by [biskootz](https://wordpress.org/support/users/biskootz/).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [John Blackbourn](https://wordpress.org/support/users/johnbillion/)
 * (@johnbillion)
 * WordPress Core Developer
 * [6 years, 11 months ago](https://wordpress.org/support/topic/defender-checks-suspicious-function/#post-11699907)
 * Thanks for the message.
 * The call to `eval` only ever operates on PHP that is entered by a user who has
   the `edit_files` capability, by adding a `PHP Cron Event`. If a user cannot edit
   files, they cannot add PHP that gets passed to this call to `eval`.
 * The calls to `extract` are less than ideal and I want to remove them at some 
   point, but they are safe due to their use of the `$prefix` parameter and the 
   fact that the resulting `$in_*` variables are validated and sanitised as necessary
   depending on the action being performed.
 *  Thread Starter [biskootz](https://wordpress.org/support/users/biskootz/)
 * (@biskootz)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/defender-checks-suspicious-function/#post-11700290)
 * Thanks for the reply and explanation.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Defender checks suspicious function’ is closed to new replies.

 * ![](https://ps.w.org/wp-crontrol/assets/icon.svg?rev=3539529)
 * [WP Crontrol](https://wordpress.org/plugins/wp-crontrol/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-crontrol/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-crontrol/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-crontrol/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-crontrol/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-crontrol/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [biskootz](https://wordpress.org/support/users/biskootz/)
 * Last activity: [6 years, 11 months ago](https://wordpress.org/support/topic/defender-checks-suspicious-function/#post-11700290)
 * Status: resolved