ansaurus

Question

Is there a way to execute php code in a sandbox from within php

Answer 1

+3 A:

There is runkit, but you may find it simpler to just call the script over the command line (Use shell_exec), if you don't need any interaction between the master and child processes.

troelskn 2008-11-27 22:23:14

About runkit; it does not seem to sandbox well by description, or I maybe should say easy.You can forbid functions, but I would rather like to forbid ALL but those in a provided list. If an user needs a function I can evaluate its safety by hand upon request.It seems like the only way is to write a custom made interpreter. If speed is an issue you can make it convert its AST into PHP or an other language, this is actually what I'm gonna do now as I could not find a ready solution.Cheers!Ps. Yes, I saw that this Q is old. Ds.

Frank 2010-06-14 15:38:55

Well .. Good luck finding something that can parse PHP into an AST ;) I concur with your point though.

troelskn 2010-06-14 17:27:57

FYI runkit seems to be abandoned and you'll probably want to compile either the CVS version or one of the patched versions (http://github.com/tricky/runkit) if you want to run it on a modern version of PHP

Eli 2010-07-21 14:21:57

Answer 2

+1 A:

Also, you should look at the backtick operator:

$sOutput = `php script_to_run.php`;

This will allow you to inspect the output from the script you are running. However, note that the script will be run with the privileges you have, but you can circumvent this by using sudo on Linux.

This approach also assumes that you have the PHP CLI installed, which is not always the case.

Vegard Larsen 2008-11-28 11:04:23

ansaurus

tags:

views:

answers:

Is there a way to execute php code in a sandbox from within php

related questions