Breeze Plugin flagged as malicious


#1

Hey Cloudways team,

The following function in /breeze/inc/minification/breeze-minification-base.php is being falsely flagged as malicious from scanners:

    protected function inject_minified($in) {
    if ( strpos( $in, '%%INJECTLATER%%' ) !== false ) {
        $out = preg_replace_callback(
            '#%%INJECTLATER'.breeze_HASH.'%%(.*?)%%INJECTLATER%%#is',
            create_function(
                '$matches',
                '$filepath=base64_decode(strtok($matches[1],"|"));
                $filecontent=file_get_contents($filepath);

                // remove BOM
                $filecontent = preg_replace("#\x{EF}\x{BB}\x{BF}#","",$filecontent);

                // remove comments and blank lines
                if (substr($filepath,-3,3)===".js") {
                    $filecontent=preg_replace("#^\s*\/\/.*$#Um","",$filecontent);
                }

                $filecontent=preg_replace("#^\s*\/\*[^!].*\*\/\s?#Us","",$filecontent);
                $filecontent=preg_replace("#(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+#", "\n", $filecontent);

                // specific stuff for JS-files
                if (substr($filepath,-3,3)===".js") {
                    if ((substr($filecontent,-1,1)!==";")&&(substr($filecontent,-1,1)!=="}")) {
                        $filecontent.=";";
                    }

                    if (get_option("breeze_js_trycatch")==="on") {
                        $filecontent="try{".$filecontent."}catch(e){}";
                    }
                } else if ((substr($filepath,-4,4)===".css")) {
                    $filecontent=Breeze_MinificationStyles::fixurls($filepath,$filecontent);
                }

                // return 
                return "\n".$filecontent;'
            ),
            $in
        );

I’d recommend you guys take a look to rework it so it does not get flagged anymore, thanks!


#2

Thank you for your great input.