Disallow use some functions in PHP

Question

I have an application which reads a textarea and runs the textarea as a PHP file.

The textarea content is saved in a txt file and runs with eval(file_get_contents('myfile.txt')); but I want only to allow user to use echo, if statement, for, while without using mysql(i) functions and some other functions like unlink.

EDIT A little bit more explaining: How can I disallow in a specific file using php functions like mysql and file functions ?

Is there any options to do this?

eval is evil so why you use it? but to your task ... maybe this helps http://stackoverflow.com/questions/13723623/restrictions-for-php-eval — donald123, Jul 28 '15 at 12:09
e.g. http://stackoverflow.com/questions/951373/when-is-eval-evil-in-php — donald123, Jul 28 '15 at 12:11
or this one http://blogs.msdn.com/b/ericlippert/archive/2003/11/01/53329.aspx — donald123, Jul 28 '15 at 12:12

score 0 · Answer 1 · answered Jul 28 '15 at 12:17

0

Another way, you could try php sandbox: https://github.com/fieryprophet/php-sandbox

answered Jul 28 '15 at 12:17

jianfyun

71
1
4

score 0 · Answer 2 · answered Jul 28 '15 at 12:18

well, maybe you can use this solution. php override_function. if you really want to use eval, and make it safe. you are going to work hard. but basically if you don't want to write your private php parser like customEval(). you can just override php native functions

override_function('file_put_contents', '$a', 'echo file_put_contents not allowed...;');

the problem with that solution: if you will need one of this functions after the eval(), you can't use them. unless you'll override the override. 2nd problem, the overriding list might be long (:

Disallow use some functions in PHP

2 Answers2