Promote products derived from this software without specific * The names of the contributors may not be used to endorse or * Redistributions in binary form must reproduce the aboveĬopyright notice, this list of conditions and the followingĭisclaimer in the documentation and/or other materials provided Notice, this list of conditions and the following disclaimer. * Redistributions of source code must retain the above copyright Modification, are permitted provided that the following conditions are Redistribution and use in source and binary forms, with or without Can intercept callbacks and validate them against function whitelists and blacklists, even if they are called as stringsĬopyright (c) 2013-2015 by Elijah Horton (fieryprophet ).Can specify a validation error handler to intercept thrown validation errors and handle them with custom logic.Can specify a custom exception handler to intercept thrown exceptions and handle them with custom logic.Can specify a custom error handler to intercept PHP errors and handle them with custom logic.Can define custom validation functions for fine-grained control of every element of the sandbox.Can access the parsed, prepared and generated code ASTs for further analysis or for serialization.Can pass arguments directly to the sandboxed code through the execute method to reveal chosen outside variables to the sandbox.Can retrieve the generated sandbox code for later usage.Can prepend and append trusted code to setup and tear down the sandbox, and automatically whitelist the classes, functions, variables, etc.Can selectively allow and disallow function creation, class declarations, constant definitions, keywords, and much more.Can overwrite the get_defined_* and get_declared_* functions to show only allowed functions, classes, etc.Can redefine superglobals and magic constants to expose your own values to sandboxed code.Can redefine internal PHP and other functions to make them more secure for sandbox usage.Includes dynamic demonstration system that allows for local testing of custom sandbox configurations.Finegrained whitelisting and blacklisting, with sensible defaults configured.It also utilizes FunctionParser to disassemble callables passed to the sandbox, so that PHP callables can also be run in sandboxes without first converting them into strings. #A full-scale PHP 5.3.2+ sandbox class that utilizes PHP-Parser to prevent sandboxed code from running unsafe code.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |