Title: Widget logic security?
Last modified: August 20, 2016

---

# Widget logic security?

 *  [GabSoftware](https://wordpress.org/support/users/gabsoftware/)
 * (@gabsoftware)
 * [14 years, 10 months ago](https://wordpress.org/support/topic/widget-logic-security/)
 * Hi,
 * I like Widget logic a lot, but after a quick look at the source code, I see that
   it uses the eval() PHP function and does not seem to sanitize POST input. I would
   like to know if this plugin is safe to use.
 * Regards,
 * Gabriel Hautclocq

Viewing 1 replies (of 1 total)

 *  [alanft](https://wordpress.org/support/users/alanft/)
 * (@alanft)
 * [14 years, 10 months ago](https://wordpress.org/support/topic/widget-logic-security/#post-2190173)
 * When I first released WL I worried about the simple eval. Since then I took out
   the warning in the readme as it seemed to worry no one.
 * And that’s largely because the code that gets eval’d isn’t from general user 
   data submitted via post/get etc, but as spec’d by the site admin only. Of course
   that code can include ref to $_GET etc if so desired, but the point of the plugin
   is to give the admin that max unfiltered flexibility, and the code would need
   to be sanitised if it does depend on client input. 90%+ of the time, code is 
   purely down to the internal state of WP code via conditional tags etc.
 * Hope this helps. Also thanks for the chance to air this – it’s been some time
   since it was last brought up. Quite happy to discuss if things need to change.
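
An added illustration of the point made in the reply above, not code from Widget Logic or from either poster: a condition that depends on client input compares the request value against a fixed allowlist, so the value selects a branch but never becomes part of the evaluated code. The function name, the `view` parameter and the sample values are hypothetical.

```php
<?php
// Added illustration; not Widget Logic's code. All names are hypothetical.

// Stand-in for an eval-based visibility check: $logic is PHP source typed by
// the site admin into a widget's settings, never text taken from a request.
function example_widget_visible(string $logic): bool
{
    if (trim($logic) === '') {
        return true; // no condition set: always show the widget
    }
    try {
        return (bool) eval($logic);
    } catch (\Throwable $e) {
        return false; // fail closed when the stored condition is broken
    }
}

// Admin-written condition that does depend on client input. The request
// value is type-checked and then only compared with known-good strings.
const EXAMPLE_LOGIC = <<<'PHP'
$view = isset($_GET['view']) && is_string($_GET['view']) ? $_GET['view'] : '';
return in_array($view, array('gallery', 'archive'), true);
PHP;

// Constructed sample requests: two allowed values, one unknown value,
// one value carrying quote characters, and one array instead of a string.
$samples = array('gallery', 'archive', 'home', "gallery' || '1", array('gallery'));

foreach ($samples as $sample) {
    $_GET = array('view' => $sample);
    $shown = example_widget_visible(EXAMPLE_LOGIC);
    printf("%-20s => %s\n", json_encode($sample), $shown ? 'show' : 'hide');
}
```

Only the first two samples yield `show`; every other value, whatever it contains, falls through the strict allowlist comparison and hides the widget.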


The topic ‘Widget logic security?’ is closed to new replies.


 * 1 reply
 * 2 participants
 * Last reply from: [alanft](https://wordpress.org/support/users/alanft/)
 * Last activity: [14 years, 10 months ago](https://wordpress.org/support/topic/widget-logic-security/#post-2190173)
 * Status: not resolved