php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #41657 Would like to eval() in a separate code space
Submitted: 2007-06-11 19:14 UTC Modified: 2018-04-08 21:08 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: timothy dot j dot gustafson at gmail dot com Assigned:
Status: Suspended Package: Unknown/Other Function
PHP Version: 5.2.3 OS: FreeBSD 6.2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
14 + 14 = ?
Subscribe to this entry?

 
 [2007-06-11 19:14 UTC] timothy dot j dot gustafson at gmail dot com 
Description:
------------
I think it would be handy if there were a version of eval() that executed the code specified in a separate code space from the primary PHP execution.  This would be tremendously handy when you're executing code from an untrusted source, for example if you wanted to create some sort of plug-in system for your web app that would allow the user's code to be executed on the web server, but in a more controlled environment than the main PHP script itself.

When the user's code gets executed, it should not have access to any variables, other than perhaps the superglobals.  It would be really nice if you could also specify a different php.ini file for this "virtual" execution, so you could do things like set open_basedir and disable_functions.

Reproduce code:
---------------
None!

Expected result:
----------------
None!

Actual result:
--------------
None!

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-31 00:13 UTC] cmb@php.net
-Package: Feature/Change Request +Package: Unknown/Other Function
 [2018-04-08 21:08 UTC] cmb@php.net
-Status: Open +Status: Suspended
 [2018-04-08 21:08 UTC] cmb@php.net 
Well, there is already Runkit_Sandbox[1].  Moving similar
functionality to the core would certainly require the RFC
process[2].  Anybody is welcome to start it.  For the time being,
I'm suspending this ticket.

[1] <http://www.php.net/manual/en/runkit.sandbox.php>
[2] <https://wiki.php.net/rfc/howto>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 07:01:27 2024 UTC