Request #41657 Would like to eval() in a separate code space
Submitted: 2007-06-11 19:14 UTC
Modified: 2018-04-08 21:08 UTC
Votes: 1
Avg. Score: 3.0 ± 0.0
Reproduced: 0 of 0 (0.0%)
From: timothy dot j dot gustafson at gmail dot com
Assigned:
Status: Suspended
Package: Unknown/Other Function
PHP Version: 5.2.3
OS: FreeBSD 6.2
Private report: No
CVE-ID: None
 [2007-06-11 19:14 UTC] timothy dot j dot gustafson at gmail dot com
Description:
------------
I think it would be handy if there were a version of eval() that executed the code specified in a separate code space from the primary PHP execution.  This would be tremendously handy when you're executing code from an untrusted source, for example if you wanted to create some sort of plug-in system for your web app that would allow the user's code to be executed on the web server, but in a more controlled environment than the main PHP script itself.

When the user's code gets executed, it should not have access to any variables, other than perhaps the superglobals.  It would be really nice if you could also specify a different php.ini file for this "virtual" execution, so you could do things like set open_basedir and disable_functions.

Reproduce code:
---------------
None!

Expected result:
----------------
None!

Actual result:
--------------
None!

 [2016-12-31 00:13 UTC] cmb@php.net
-Package: Feature/Change Request +Package: Unknown/Other Function
 [2018-04-08 21:08 UTC] cmb@php.net
-Status: Open +Status: Suspended
 [2018-04-08 21:08 UTC] cmb@php.net
Well, there is already Runkit_Sandbox[1].  Moving similar
functionality to the core would certainly require the RFC
process[2].  Anybody is welcome to start it.  For the time being,
I'm suspending this ticket.

[1] <http://www.php.net/manual/en/runkit.sandbox.php>
[2] <https://wiki.php.net/rfc/howto>
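
The isolation asked for in this request (no shared variables, separate ini settings such as open_basedir and disable_functions) can be approximated today by running the code in a child PHP CLI process. The sketch below is an added example, not code from the report or from php.net; `isolated_eval()`, the chosen ini values and the sample plug-in string are assumptions, and it assumes `PHP_BINARY` points at a CLI interpreter and PHP 7.4 or later.

```php
<?php
// Added example, not php.net code. Runs untrusted PHP source in a child
// interpreter so it shares no variables with the calling script.

/**
 * Hypothetical helper: run $code in a separate PHP CLI process with its own
 * ini settings. $jailDir is the only directory the child may open files in.
 */
function isolated_eval(string $code, string $jailDir): array
{
    $cmd = [
        PHP_BINARY,
        '-n',                                   // ignore the host php.ini entirely
        '-d', 'open_basedir=' . $jailDir,
        '-d', 'disable_functions=exec,shell_exec,system,passthru,popen,proc_open,mail,putenv,dl',
        '-d', 'allow_url_fopen=0',
        '-d', 'memory_limit=32M',
        '-d', 'display_errors=stderr',
    ];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];

    // Array command form (PHP >= 7.4) bypasses the shell; an empty env array
    // keeps the parent's environment variables out of the child.
    $proc = proc_open($cmd, $spec, $pipes, $jailDir, []);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start child interpreter');
    }

    fwrite($pipes[0], "<?php\n" . $code);       // the child reads its script from stdin
    fclose($pipes[0]);
    $stdout = stream_get_contents($pipes[1]);   // fine for small outputs; large stderr needs stream_select
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);

    return ['exit' => proc_close($proc), 'stdout' => $stdout, 'stderr' => $stderr];
}

// Constructed sample input: plug-in code that probes the caller's variables
// and tries to read a file outside the jail directory.
$secret = 'parent-only value';
$plugin = 'var_dump(isset($secret));'
        . 'echo @file_get_contents("/etc/passwd") === false ? "blocked" : "read";';
print_r(isolated_eval($plugin, sys_get_temp_dir()));
```

open_basedir and disable_functions are interpreter-level restrictions, so the child process should also run under an unprivileged account or OS-level confinement when the code is genuinely untrusted.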
Last updated: Wed Jan 15 09:01:28 2025 UTC