Rather than setting the value directly, minimize exposure to eval() in update_config_field() from wizard.php by constructing a variable reference, then set the value using the reference rather than passing user input through eval(). Fixes #7230
Related issues
Bug #7230: wizard.php - update_config_field() uses eval to set a value in a way that allows variable protections to be bypassed
Added by Jim Pingle over 8 years ago
Rather than setting the value directly, minimize exposure to eval() in update_config_field() from wizard.php by constructing a variable reference, then set the value using the reference rather than passing user input through eval(). Fixes #7230