Lukas Smith wrote:
Sandbox ?

This would have to be done _very_ carefully to not leave a backdoor open. PHP offers oh so many ways of accessing the system.


I guess one'd have to start with safe_mode with quite some functions disabled and go from there. But...

BTW: if PHP wants to be the ultimate template engine it needs such a

Maybe it's easier (and safer too) to not eval PHP code from external sources. You'd also have to make sure the output of their code is valid (X)HTML or they could render your whole site invalid (think closing table they didn't open, inserting JavaScript code and the like). And that's already hard enough as it is. Allowing them to submit SQL queries for example opens up a whole new can of worms.


I guess a sandbox model is something to be thought about for PHP6 ;-)

- Chris

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
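
An added example, not part of the original message or of PHP itself: instead of eval'ing submitted PHP, accept only a markup fragment and check that it is well-formed and limited to an allowlist before embedding it. The function name, the allowlists and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The allowlists are hypothetical.
const ALLOWED_TAGS  = ['p', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'a', 'br'];
const ALLOWED_ATTRS = ['href', 'title'];
/** Returns a list of problems; an empty list means the fragment may be embedded. */
function check_fragment(string $fragment): array
{
    $prev = libxml_use_internal_errors(true);
    $doc  = new DOMDocument();
    // The wrapper root turns a stray closing tag, an unclosed element or an
    // attempt to close the wrapper early into a hard parse error.
    $ok = $doc->loadXML('<div>' . $fragment . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if (!$ok) {
        return ['not well-formed'];
    }
    $problems = [];
    $xpath = new DOMXPath($doc);
    if ($xpath->query('//processing-instruction() | //comment()')->length > 0) {
        $problems[] = 'comment or processing instruction not allowed';
    }
    foreach ($xpath->query('/div//*') as $el) {
        $tag = strtolower($el->nodeName);
        if ($el->namespaceURI !== null || !in_array($tag, ALLOWED_TAGS, true)) {
            $problems[] = "element <$tag> not allowed";
            continue;
        }
        foreach ($el->attributes as $attr) {
            $name = strtolower($attr->nodeName);
            if (!in_array($name, ALLOWED_ATTRS, true)) {
                $problems[] = "attribute $name on <$tag> not allowed";
            } elseif ($name === 'href' && !preg_match('#^https?://#i', $attr->value)) {
                $problems[] = "href on <$tag> must be an http(s) URL";
            }
        }
    }
    return $problems;
}
// Constructed sample submissions.
$samples = [
    '<p>Hello <b>world</b></p>',
    '</table><p>layout breaker</p>',
    '<p onclick="x()">hi</p><script>x()</script>',
    '<a href="javascript:x()">link</a>',
];
foreach ($samples as $s) {
    echo $s, ' => ', implode('; ', check_fragment($s)) ?: 'ok', PHP_EOL;
}
```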


