From aded5841029c0639dd5c9da1bb5c779beda76abf Mon Sep 17 00:00:00 2001
From: Steven Wittens
Date: Thu, 16 Sep 2004 16:12:21 +0000
Subject: Adding a note about drupal_eval() acting like a variable sandbox.
---
 includes/common.inc | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'includes')
diff --git a/includes/common.inc b/includes/common.inc
index 445344f5c..bc9cac4eb 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -1861,6 +1861,9 @@ function mime_header_encode($string, $charset = 'UTF-8') {
 * tags; in other words, we evaluate the code as if it were a stand-alone
 * PHP file.
 *
+ * Using this wrapper also ensures that the PHP code which is evaluated can not
+ * overwrite any variables in the calling code, unlike a regular eval() call.
+ *
 * @param $code
 * The code to evaluate.
 * @return
-- cgit v1.2.3
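Review bot: The added docblock sentence overstates the guarantee, and together with the word "sandbox" in the subject it could be read as a security property. Calling eval() inside a wrapper function only keeps the evaluated code away from the caller's local variables; that code can still reach global state through `global` or `$GLOBALS`, call any function, and run with the full privileges of the request. I would add a line after the new paragraph such as `* This is scope isolation only, not a security boundary: the code can still access globals and call any function.` so that nobody treats the wrapper as a safe way to evaluate untrusted input. The function body lies outside the hunk, so this assumes the wrapper is a plain eval() inside the function, as the docblock describes.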