MAGETWO-48819: [GitHub #3233] Arbitrary PHP code execution in M2.0.2

Hayder Sharhan · Hayder Sharhan · commit dcb16035d730 · 2016-02-25T11:00:21.000-06:00
- Removed eval statement from phrase parser.
diff --git a/setup/src/Magento/Setup/Module/I18n/Dictionary/Phrase.php b/setup/src/Magento/Setup/Module/I18n/Dictionary/Phrase.php
@@ -275,8 +275,6 @@ private function getCompiledString($string)
             $string = preg_replace('/([^\\\\])' . $encloseQuote . ' ?\. ?' . $encloseQuote . '/', '$1', $string);
             $string = addslashes($string);
         }
-        $evalString = 'return ' . $encloseQuote . $string . $encloseQuote . ';';
-        $result = @eval($evalString);
-        return is_string($result) ? $result :  $string;
+        return $string;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -275,8 +275,6 @@ private function getCompiledString($string)`
`275`	`275`	`$string = preg_replace('/([^\\\\])' . $encloseQuote . ' ?\. ?' . $encloseQuote . '/', '$1', $string);`
`276`	`276`	`$string = addslashes($string);`
`277`	`277`	`}`
`278`		`- $evalString = 'return ' . $encloseQuote . $string . $encloseQuote . ';';`
`279`		`- $result = @eval($evalString);`
`280`		`- return is_string($result) ? $result : $string;`
	`278`	`+ return $string;`
`281`	`279`	`}`
`282`	`280`	`}`