On 03/06/2012 06:03 AM, John Crenshaw wrote:
> I've seen a simple "safe" code evaluator put together using token_get_all. 
> I'm certain that you could create an include_restricted() function in 
> userland using a similar system: walk through the tokens looking for anything 
> forbidden (this will be tricky, because there are a lot of nooks that things 
> could hide, like superglobals), then if everything looks good include the 
> file. Use a caching system of some sort to improve performance and eliminate 
> redundant checks.

Yeah, a token approach wouldn't work. $a = 'mysql_connect'; $a($args);
trivially circumvents that. It would have to build new function/class
hashtables directly which is rather expensive so from a performance
perspective this would not be pretty. I suppose an opcode cache could
cache these to speed this up quite a bit, but there would still need to
be extra gear in place to manage multiple hash tables and some code to
check if there was an overriding hash to be used for every op_array.

-Rasmus

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
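
The circumvention described in the reply above, as an added example that is not part of the original thread: a minimal token_get_all() scanner run over two constructed snippets. scan_tokens() and the $forbidden list are hypothetical names. It reports the literal call by name, but for the call through a variable it can only report that a call with an unknown target exists.

```php
<?php
// Added illustration; scan_tokens() and $forbidden are hypothetical names.

function scan_tokens(string $code, array $forbidden): array
{
    $tokens = token_get_all($code);
    // Drop whitespace and comments so "name (" is still seen as a call.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter($tokens, function ($t) use ($skip) {
        return !is_array($t) || !in_array($t[0], $skip, true);
    }));

    $report = ['direct' => [], 'dynamic' => []];
    foreach ($tokens as $i => $tok) {
        $next = $tokens[$i + 1] ?? null;
        if (!is_array($tok) || $next !== '(') {
            continue; // not an identifier or variable followed by "("
        }
        if ($tok[0] === T_STRING
            && in_array(strtolower($tok[1]), $forbidden, true)) {
            // Forbidden name written literally at the call site.
            $report['direct'][] = $tok[1];
        } elseif ($tok[0] === T_VARIABLE) {
            // Call through a variable: the target exists only at run time,
            // so the token stream cannot say which function is called.
            $report['dynamic'][] = $tok[1];
        }
    }
    return $report;
}

$forbidden = ['mysql_connect'];

// Constructed samples. They are tokenized only, never executed.
$direct   = '<?php mysql_connect($args);';
$indirect = '<?php $a = \'mysql_connect\'; $a($args);';

var_dump(scan_tokens($direct, $forbidden));   // name appears under 'direct'
var_dump(scan_tokens($indirect, $forbidden)); // only '$a' under 'dynamic'
```

A scanner of this kind is left with rejecting every variable call outright, which is why the reply moves enforcement to the function tables the engine consults at call time.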
