Request #41657 Would like to eval() in a separate code space
Submitted: 2007-06-11 19:14 UTC Modified: 2018-04-08 21:08 UTC
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: timothy dot j dot gustafson at gmail dot com Assigned:
Status: Suspended Package: Unknown/Other Function
PHP Version: 5.2.3 OS: FreeBSD 6.2
Private report: No CVE-ID: None

 [2007-06-11 19:14 UTC] timothy dot j dot gustafson at gmail dot com
I think it would be handy if there were a version of eval() that executed the code specified in a separate code space from the primary PHP execution.  This would be tremendously handy when you're executing code from an untrusted source, for example if you wanted to create some sort of plug-in system for your web app that would allow the user's code to be executed on the web server, but in a more controlled environment than the main PHP script itself.

When the user's code gets executed, it should not have access to any variables, other than perhaps the superglobals.  It would be really nice if you could also specify a different php.ini file for this "virtual" execution, so you could do things like set open_basedir and disable_functions.

 [2016-12-31 00:13 UTC]
-Package: Feature/Change Request +Package: Unknown/Other Function
 [2018-04-08 21:08 UTC]
-Status: Open +Status: Suspended
 [2018-04-08 21:08 UTC]
Well, there is already Runkit_Sandbox[1].  Moving similar
functionality to the core would certainly require the RFC
process[2].  Anybody is welcome to start it.  For the time being,
I'm suspending this ticket.

[1] <>
[2] <>
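
One way to get the separation requested above with stock PHP, as an added example that is not code from this report, PHP core or Runkit_Sandbox: run the snippet in a child CLI interpreter with its own ini settings. `run_isolated()`, the jail directory and the limits are hypothetical, and the array form of `proc_open()` assumes PHP 7.4 or later.

```php
<?php
// Added illustration: run_isolated() is a hypothetical helper. The snippet runs in a
// child CLI interpreter, so it shares no variables with the caller.
function run_isolated(string $code, string $jailDir, int $timeoutSec = 5): array
{
    $cmd = [
        PHP_BINARY,
        '-n',                                  // ignore the host's php.ini
        '-d', 'open_basedir=' . $jailDir,      // file access limited to the jail
        '-d', 'disable_functions=exec,passthru,shell_exec,system,proc_open,popen,putenv,mail',
        '-d', 'allow_url_fopen=0',
        '-d', 'memory_limit=32M',
        '-d', 'display_errors=stderr',
    ];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    // Empty environment array: the child inherits no variables from the parent.
    $proc = proc_open($cmd, $spec, $pipes, $jailDir, []);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start child interpreter');
    }
    fwrite($pipes[0], "<?php\n" . $code);      // with no script argument, php reads stdin
    fclose($pipes[0]);
    foreach ([1, 2] as $i) {
        stream_set_blocking($pipes[$i], false);
    }
    $out = $err = '';
    $timedOut = false;
    $deadline = microtime(true) + $timeoutSec;
    do {
        usleep(10000);
        $out .= stream_get_contents($pipes[1]);
        $err .= stream_get_contents($pipes[2]);
        $status = proc_get_status($proc);
        if ($status['running'] && microtime(true) > $deadline) {
            proc_terminate($proc, 9);          // wall-clock limit: SIGKILL the child
            $timedOut = true;
            break;
        }
    } while ($status['running']);
    $out .= stream_get_contents($pipes[1]);    // drain what arrived after the last poll
    $err .= stream_get_contents($pipes[2]);
    fclose($pipes[1]); fclose($pipes[2]);
    proc_close($proc);
    return ['stdout' => $out, 'stderr' => $err, 'exit' => $status['exitcode'], 'timed_out' => $timedOut];
}

$jail = sys_get_temp_dir() . '/plugin-jail';   // constructed sample directory
is_dir($jail) || mkdir($jail, 0700);
$secret = 'visible to the parent only';
print_r(run_isolated('var_dump(isset($secret), @file_get_contents("/etc/passwd"));', $jail));
```

The child still runs as the same OS user as the parent, so `open_basedir` and `disable_functions` narrow what the snippet can reach but OS-level controls (a dedicated user, a container or jail, resource limits) remain the stronger boundary.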