PHP sandbox/sanitize code passed to create_function

Posted by kpowerinfinity on Stack Overflow See other posts from Stack Overflow or by kpowerinfinity
Published on 2009-05-05T15:27:37Z Indexed on 2010/03/28 14:23 UTC
Read the original article Hit count: 457

Filed under:

php

|

sandbox

|

create-function

|

lambda

|

sanitizer

Hello,

I am using create_function to run some user-code at server end. I am looking for any of these two:

Is there a way to sanitize the code passed to it to prevent something harmful from executing?
Alternately, is there a way to specify this code to be run in a sandboxed environment so that the user can't play around with anything else.

Thanks!

© Stack Overflow or respective owner

Related posts about php

Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

as seen on Server Fault - Search for 'Server Fault'
I have been trying to resolve my issue of spiking cpu caused by php-fpm processes. I've reduced the php-fpm config settings to: pm = ondemand pm.max_children = 12 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 php_admin_value[memory_limit] = 128M Problem… >>> More
PHP Pear Installation on CentOS

as seen on Server Fault - Search for 'Server Fault'
[root@ip ~]# yum install php-pear* Reducing CentOS-5 Testing to included packages only Finished Setting up Install Process Package 1:php-pear-1.8.1-2.el5.centos.noarch already installed and latest versio … >>> More
Apache configurations for php "AddType text/html php" or "AddType application/x-httpd-php php .php"

as seen on Server Fault - Search for 'Server Fault'
I am taking over an application server and discover that it contain the following settings: AddType text/html php Although it works, but my understanding is that it should set as following: AddType application/x-httpd-php php .php What are the key differences between the two settings?… >>> More
mod_rewrite settings causes server to throw HTTP 500 errors instead of 404

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a server with VBulletin forum (working under Apache 2.2, CentOS). The default settings for it in .htaccess are as follows: RewriteEngine on RewriteCond %{HTTP_HOST} ^gsmforum\.ru RewriteRule (.*) http://www.gsmforum.ru/$1 [R=301,L] # If you are having problems or are using VirtualDocumentRoot… >>> More
Problems installing Memcache (PECL extension)

as seen on Server Fault - Search for 'Server Fault'
I have installed memcached fine, and now I will need to install PECL extension memcache. Im running RedHat x86_64 es5. The installation gives me this: downloading memcache-2.2.6.tgz ... Starting to download memcache-2.2.6.tgz (35,957 bytes) ..........done: 35,957 bytes 11 source files, building running:… >>> More

Related posts about sandbox

Paypal (sandbox) buy now link redirects to paypal (sandbox) login page instead of order summary

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Before going live I try to test the paypal process against the paypal sandbox mode, but after the summary of what the user is going to pay on my website(buy now button), the link does not redirect to a paypal summary of the prder but ask the user to connect to paypal. Even after logging into the… >>> More
PHP/Linux File Permissions

as seen on Server Fault - Search for 'Server Fault'
May I ask a question about file permission. I set up Ubuntu server where Apache got running. I have simple php upload form and able to upload file to /var/www/site/uploads as follows. sandbox@sandbox-virtual-machine:/var/www/site/uploads$ ll total 1736 drwxrwxrwx 2 www-data www-data 4096 Oct 18… >>> More
Sandbox path for xenocode

as seen on Stack Overflow - Search for 'Stack Overflow'
How to get sandbox path at runtime in vb.net (for xenocode)? or What's real path of application? >>> More
Sandbox paypal not returning success in query string

as seen on Stack Overflow - Search for 'Stack Overflow'
I have integrated sandbox paypal into my application.After successful payment i am not getting success in the query string.Instead i get is return to merchant but if i do cancel i get the cancel in the query string >>> More
MySQL Clustering in a Sandbox

as seen on Internet.com - Search for 'Internet.com'
MySQL's unique architecture allows for plugin storage engines. There is the MyISAM storage engine, the ARCHIVE storage engine and the InnoDB storage engine; so it makes sense then that MySQL's clustering solution involves a storage engine as well, namely the NDB (Network DataBase) storage engine. >>> More