Please post all pre-sales questions of all products on this forum

Is my version secure?

10 years 2 months ago #59016 by koldhands
Is my version secure? was created by koldhands
Hi all,

I have PF running on an old site from a couple of years ago (J3.3.6 with PF 3.0) and as it was hacked last week, I'm wondering if the version of PF I have is secure?

I ran a few checks and one of the files (/components/com_pmform/helper/fields.php) flags as possibly malicious!

Any ideas if this is ok or should I think about upgrading? I don't need any more functionality and the PF works great, just a bit concerned about security!

Thanks,

Sean.

p.s. specifically this line is suspect:

// Line: 1363
eval($script) ;

10 years 2 months ago #59017 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Is my version secure?
Hi

No security issue has been found for Payment Form in a few years (from the date it was born), so it is a secure extension; you can still use it on your site.

For that line of code, it is normal. The eval function is sometimes disabled by some hosting providers for some reasons. However, in that script:

1. It is only used if your form has a custom fee calculation script

2. Even if you have a custom fee calculation script, that's your own script, so it is secure

So in conclusion, you can keep using that version. Upgrading is better, but it is not required.

Tuan
The following user(s) said Thank You: koldhands
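
Added example, not part of the thread and not Payment Form's code: `eval($script)` runs whatever PHP is stored as the fee script, so its safety rests on who can write that stored value. A fee formula limited to arithmetic can instead be computed by a small parser that cannot execute PHP at all; `calc_fee()`, the field name `amount` and the sample formulas are hypothetical.

```php
<?php
// Added illustration; calc_fee() is hypothetical, not Payment Form's API.
// Evaluates + - * / ( ) over numbers and named form fields with a
// recursive-descent parser, so a stored formula is never run as PHP.
function calc_fee(string $formula, array $fields): float
{
    // Tokenize from the start; anything the pattern cannot consume is illegal.
    preg_match_all('/\G\s*(\d+(?:\.\d+)?|[A-Za-z_]\w*|[-+*\/()])/', $formula, $m);
    if (implode('', $m[0]) !== rtrim($formula)) {
        throw new InvalidArgumentException('Illegal character in fee formula');
    }
    $tokens = $m[1];
    $pos = 0;
    $expr = null;
    $atom = function () use (&$tokens, &$pos, &$expr, &$atom, $fields) {
        $t = $tokens[$pos++] ?? '';
        if ($t === '(') {
            $v = $expr();
            if (($tokens[$pos++] ?? '') !== ')') {
                throw new InvalidArgumentException('Missing closing parenthesis');
            }
            return $v;
        }
        if ($t === '-') { return -$atom(); }              // unary minus
        if ($t !== '' && ctype_digit($t[0])) { return (float) $t; }
        if (array_key_exists($t, $fields) && is_numeric($fields[$t])) {
            return (float) $fields[$t];                   // whitelisted form field
        }
        throw new InvalidArgumentException("Unexpected token '$t'");
    };
    $term = function () use (&$tokens, &$pos, &$atom) {
        $v = $atom();
        while (in_array($tokens[$pos] ?? '', ['*', '/'], true)) {
            $op = $tokens[$pos++];
            $r = $atom();
            if ($op === '/' && $r == 0.0) { throw new InvalidArgumentException('Division by zero'); }
            $v = $op === '*' ? $v * $r : $v / $r;
        }
        return $v;
    };
    $expr = function () use (&$tokens, &$pos, &$term) {
        $v = $term();
        while (in_array($tokens[$pos] ?? '', ['+', '-'], true)) {
            $v = $tokens[$pos++] === '+' ? $v + $term() : $v - $term();
        }
        return $v;
    };
    $result = $expr();
    if ($pos !== count($tokens)) { throw new InvalidArgumentException('Trailing tokens'); }
    return $result;
}
// Constructed samples: a normal formula, then one that is not pure arithmetic.
echo calc_fee('5 + amount * 0.03', ['amount' => 200]), "\n";
try { calc_fee('amount; phpinfo()', ['amount' => 200]); }
catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
```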

10 years 2 months ago #59019 by koldhands
Replied by koldhands on topic Is my version secure?
As usual, a concise and quick response!

Many thanks Tuan and keep up the good work!

Sean.
