On Tue, Oct 21, 2003 at 02:48:09AM +0200, Honza Malik wrote:
:
: I want to give administrators of our CMS the possibility to use PHP commands
: in HTML templates. Templates are parsed by our PHP script.
:
: The problem is, that I don't want administrators to be able to list our
: $GLOBALS (where is database password) or call our functions. Is there the
: possibility to run administrator's PHP code (from our PHP) in clean
: environment? Other solution?
PHP doesn't really have the concept of a "safe interpreter". The next
best thing is to take a look at PHP's safe mode stuff and see what you
can tweek:
http://www.php.net/manual/en/features.safe-mode.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
