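/**
 * Run untrusted PHP source inside a PHPSandbox instance with a deny-list of
 * dangerous callables and a guarded replacement for preg_replace().
 *
 * A deny-list is deny-by-exception: every function not named here stays
 * callable, so it has to track the PHP version and extensions in use.
 * whitelist_func() (left commented out below) is the deny-by-default mode.
 *
 * @param string|\Closure $code Code (or closure) handed to PHPSandbox::execute().
 * @return void The sandbox's own return value is discarded, as in the original.
 * @throws \Exception From the preg_replace override when an "e" modifier is seen.
 */
function php_execute_sandboxed($code)
{
    // Deny-list, grouped roughly by the capability each entry exposes.
    // Two duplicates of the original list were dropped and the misspelled
    // entry "getlastmo" (which matched nothing) is now "getlastmod".
    $blackList = [
        // introspection / dynamic code
        "phpinfo", "eval", "assert", "create_function", "include", "include_once", "require", "require_once",
        "ReflectionFunction", "call_user_func", "call_user_func_array", "php_execute_raw",
        // process and shell control
        "exec", "passthru", "system", "shell_exec", "`", "popen", "proc_open", "pcntl_exec", "proc_get_status",
        "proc_nice", "proc_terminate", "proc_close", "apache_child_terminate", "posix_kill", "posix_mkfifo",
        "posix_setpgid", "posix_setsid", "posix_setuid", "posix_getlogin", "posix_ttyname", "set_time_limit",
        // environment and request state
        "getenv", "putenv", "get_current_user", "get_cfg_var", "getcwd", "getlastmod", "getmygid", "getmyinode",
        "getmypid", "getmyuid", "extract", "parse_str", "ini_set", "mail", "header",
        // network
        "pfsockopen", "fsockopen", "ftp_get", "ftp_nb_get", "ftp_put", "ftp_nb_put",
        // filesystem: open / write / metadata changes
        "fopen", "tmpfile", "bzopen", "gzopen", "SplFileObject", "chgrp", "chmod", "chown", "copy",
        "file_put_contents", "lchgrp", "lchown", "link", "mkdir", "move_uploaded_file", "rename", "rmdir",
        "symlink", "tempnam", "touch", "unlink", "disk_free_space", "disk_total_space", "diskfreespace",
        // filesystem: read / probe
        "file_get_contents", "file_exists", "file", "fileatime", "filectime", "filegroup", "fileinode",
        "filemtime", "fileowner", "fileperms", "filesize", "filetype", "glob", "is_dir", "is_executable",
        "is_file", "is_link", "is_readable", "is_uploaded_file", "is_writable", "is_writeable", "linkinfo",
        "lstat", "parse_ini_file", "pathinfo", "readfile", "readlink", "realpath", "stat", "gzfile",
        "readgzfile", "hash_file", "hash_hmac_file", "hash_update_file", "md5_file", "sha1_file",
        "highlight_file", "show_source", "php_strip_whitespace", "get_meta_tags",
        // image / metadata functions that read or write files by path
        "imagepng", "imagewbmp", "image2wbmp", "imagejpeg", "imagexbm", "imagegif", "imagegd", "imagegd2",
        "iptcembed", "getimagesize", "imagecreatefromgif", "imagecreatefromjpeg", "imagecreatefrompng",
        "imagecreatefromwbmp", "imagecreatefromxbm", "imagecreatefromxpm", "exif_read_data",
        "read_exif_data", "exif_thumbnail", "exif_imagetype",
        // autoloader entry point that would include arbitrary files
        'Composer\\Autoload\\includeFile',
    ];
    // Kept for the deny-by-default variant; unused while whitelist_func() is commented out.
    $whiteList = array('print_r', 'preg_match', 'preg_replace', 'preg_match_all');
    $sandbox = new \PHPSandbox\PHPSandbox();
    $sandbox->blacklist_func($blackList);
    // $sandbox->whitelist_func($whiteList);
    $sandbox->allow_functions = true;
    $sandbox->allow_closures = true;
    $sandbox->allow_constants = true;
    $sandbox->allow_aliases = false;
    $sandbox->allow_interfaces = true;
    $sandbox->allow_casting = true;
    $sandbox->allow_classes = true;
    $sandbox->error_level = false;

    // Returns the lower-cased PCRE modifier suffix of a pattern ("" when the
    // pattern has no recognisable closing delimiter; preg_replace() itself
    // rejects such input).  Bracket-style delimiters close with their pair;
    // any other delimiter closes with itself.
    $modifiersOf = static function ($pattern) {
        $pattern = ltrim((string) $pattern);
        if (strlen($pattern) < 2) {
            return '';
        }
        $open = $pattern[0];
        $pairs = array('(' => ')', '[' => ']', '{' => '}', '<' => '>');
        $close = isset($pairs[$open]) ? $pairs[$open] : $open;
        // Modifiers are letters and can never contain the delimiter, so the
        // last occurrence of the closing delimiter ends the pattern proper.
        $end = strrpos($pattern, $close, 1);
        if ($end === false) {
            return '';
        }
        return strtolower(substr($pattern, $end + 1));
    };

    // Refuse the legacy "e" (PREG_REPLACE_EVAL) modifier wherever it appears
    // in the modifier suffix.  The original only looked at the last character,
    // so "/x/ei" slipped through while "/x/ie" was caught.
    $rejectEval = static function ($pattern) use ($modifiersOf) {
        if (strpos($modifiersOf($pattern), 'e') !== false) {
            throw new \Exception("Can not use PREG_REPLACE_EVAL!");
        }
    };

    // preg_replace is redefined inside the sandbox so the modifier check runs
    // before the real function does; scalar and array patterns are both covered.
    $sandbox->define_func('preg_replace', function ($pattern, $replacement, $subject, $limit = -1, &$count = null) use ($rejectEval) {
        foreach (is_array($pattern) ? $pattern : array($pattern) as $single) {
            $rejectEval($single);
        }
        return preg_replace($pattern, $replacement, $subject, $limit, $count);
    });
    $sandbox->execute($code);
}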
/**
 * Usage example: a sandbox that whitelists exactly one host function, `test`,
 * and executes a closure that calls it.  If the sandbox throws, the exception
 * object is dumped in place of the result.
 *
 * `test` is not defined in this file; the trailing comment records the output
 * the original author expected.
 *
 * @return void
 */
function test_init()
{
    $box = new PHPSandbox\PHPSandbox();
    $box->whitelist_func('test');
    $body = function () {
        return test('world');
    };
    try {
        $result = $box->execute($body);
    } catch (Exception $e) {
        $result = $e;
    }
    var_dump($result);
    //Hello world
}
     die(json_encode(array('message' => 'The template could not be saved because the requested template name was invalid. Please rename your template and try again.', 'success' => false)));
 }
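 // Sequence prefix for the saved file; stays '001' on the download path,
 // where no file is written.
 $cnt = '001';
 if (isset($_POST['download'])) {
     $filename = $filename . '.json';
 } else {
     // glob() returns false on error, which would make count() fail on PHP 8;
     // treat that as "no templates yet".
     $cnt = count(glob('templates/*.json') ?: array()) + 1;
     $filename = str_pad($cnt, 3, '0', STR_PAD_LEFT) . ' - ' . $filename . '.json';
 }
 // NOTE(review): $filename is assigned above this fragment; the path below assumes it
 // has already been reduced to a bare template name (the earlier "invalid template
 // name" rejection suggests that) — confirm that no directory separators or ".." can
 // reach 'templates/' . $filename.
 // NOTE(review): this existence check and the later file_put_contents() are not atomic;
 // two concurrent saves with the same name can both pass the check.
 if (!isset($_POST['download']) && file_exists('templates/' . $filename)) {
     header('Content-type: text/html');
     die(json_encode(array('message' => 'The template could not be saved because the another template already exists with the same name. Please rename your template and try again.', 'success' => false)));
 }
 $data = array('code' => $code, 'setup_code' => $setup_code, 'prepend_code' => $prepend_code, 'append_code' => $append_code, 'options' => null, 'whitelist' => $whitelist, 'blacklist' => $blacklist, 'definitions' => $definitions);
 if (count($options)) {
     // Persist only options that differ from a fresh sandbox's defaults;
     // error_level is instead compared against the current error_reporting().
     // Loose comparison is kept because posted values arrive as strings while
     // getOption() may return ints/bools — TODO confirm before tightening to !==.
     $sandbox = new \PHPSandbox\PHPSandbox();
     foreach ($options as $name => $value) {
         if ($name == 'error_level' && $value != error_reporting() || $name != 'error_level' && $sandbox->getOption($name) != $value) {
             //save unique options only
             $data['options'][$name] = $value;
         }
     }
 }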
 if (isset($_POST['download'])) {
     header('Content-disposition: attachment; filename="' . $filename . '";');
     header('Content-type: application/json');
     die(json_encode($data));
 } else {
     if (file_put_contents('templates/' . $filename, json_encode($data))) {
         header('Content-type: text/html');
         die(json_encode(array('message' => 'The template "' . $template . '" was saved successfully!', 'name' => $cnt . ' - ' . $template, 'file' => $filename, 'success' => true)));