Esempio n. 1
 /**
  * Called when the request is iterated.
  * @return integer Status.
  */
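 public function run()
 {
     // Sends a text/html header, then prints a greeting from inside a restricted
     // Runkit_Sandbox. No value is returned on any path of this method.
     $this->header('Content-Type: text/html');

     // Hardening caveats for the option set below:
     //  - 'safe_mode' was removed from PHP in 5.4, so on later versions it
     //    restricts nothing.
     //  - 'disable_functions' is a denylist: only the four functions named are
     //    blocked. Anything not listed stays callable, so the sandbox should not
     //    be the only control in front of untrusted code.
     //  - 'open_basedir' is a hard-coded sample path; point it at the narrowest
     //    directory the sandboxed code really needs.
     // NOTE(review): 'allow_url_fopen' is given as the string 'false', not the
     // boolean. Confirm the extension treats that value as "off".
     $sandbox = new \Runkit_Sandbox([
         'safe_mode' => true,
         'open_basedir' => '/var/www/users/jdoe/',
         'allow_url_fopen' => 'false',
         'disable_functions' => 'exec,shell_exec,passthru,system',
         'disable_classes' => '',
         // Sandbox output is handed to $this->out(), which is defined outside this block.
         'output_handler' => [$this, 'out'],
     ]);
     $sandbox->ini_set('html_errors', true);

     // The closure body is a fixed literal; no request data reaches the sandbox here.
     $sandbox->call_user_func(function () {
         echo "Hello World!";
     });
 }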
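 /**
  * Runs one request through $this->index inside a fresh Runkit_Sandbox and
  * wraps the captured output, status code and headers in a Response.
  *
  * The sandbox is created without an option array, so none of the restriction
  * settings (open_basedir, disable_functions, ...) are configured here. It
  * separates interpreter state between requests; do not treat it as a
  * containment boundary for untrusted application code.
  *
  * @param object $request Must provide getUri(), getMethod(), getParameters(),
  *                        getCookies(), getFiles() and getServer().
  * @return Response
  */
 public function doRequest($request)
 {
     $uri = str_replace('http://localhost', '', $request->getUri());
     $method = strtoupper($request->getMethod());
     $parameters = $request->getParameters();

     $sandbox = new \Runkit_Sandbox();
     $sandbox->_COOKIE = $request->getCookies();
     $sandbox->_FILES = $this->remapFiles($request->getFiles());

     $server = array_merge(
         [
             'REQUEST_METHOD' => $method,
             'REQUEST_URI' => "{$uri}?" . $this->requestParametersToQueryString($parameters),
             'PHP_SELF' => 'index.php',
             'SERVER_NAME' => 'localhost',
             'SCRIPT_NAME' => 'index.php',
         ],
         $request->getServer()
     );
     // The serialized payload carries the URI, the query string and the
     // caller-supplied server values. var_export() turns it into a correctly
     // escaped PHP string literal; pasting it between bare quotes would let a
     // quote or backslash in any of those values end the literal early and alter
     // the code the sandbox evaluates (or corrupt the serialized lengths).
     $sandbox->eval('$_SERVER = unserialize(' . var_export(serialize($server), true) . ');');

     $sandbox->_REQUEST = $this->remapRequestParameters($parameters);
     // strtoupper() always returns a string, so the strict comparison is exact.
     if ($method === 'GET') {
         $sandbox->_GET = $sandbox->_REQUEST;
     } else {
         $sandbox->_POST = $sandbox->_REQUEST;
     }

     // Optional hook: lets the owner adjust the sandbox before the script runs.
     if ($this->envModifier instanceof \Closure) {
         call_user_func($this->envModifier, $sandbox);
     }

     // Capture whatever the included script prints.
     ob_start();
     $sandbox->include($this->index);
     $content = ob_get_clean();

     $headers = [];
     $php_headers = $sandbox->headers_list();
     if ($php_headers !== false) {
         foreach ($php_headers as $value) {
             // Split on the first colon only, so values containing ':' stay intact.
             $parts = explode(':', $value, 2);
             if (count($parts) > 1) {
                 // One list per header name, so repeated headers are all kept.
                 $headers[trim($parts[0])][] = trim($parts[1]);
             }
         }
     }

     // The key lookup is case-sensitive: a 'Content-Type' header sent by the
     // script does not suppress this default. The default is a plain string,
     // while collected headers are lists.
     $headers['Content-type'] = isset($headers['Content-type']) ? $headers['Content-type'] : "text/html; charset=UTF-8";

     $response_code = $sandbox->http_response_code();
     if ($response_code === false) {
         // It wasn't set, so it's default
         $response_code = 200;
     }

     return new Response($content, $response_code, $headers);
 }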
Esempio n. 3
<?php

/**
 * Returns this function's own name.
 *
 * @return string
 */
function my_func()
{
    // __FUNCTION__ resolves to the name of the enclosing function.
    $ownName = __FUNCTION__;

    return $ownName;
}
// Demonstrates that each Runkit_Sandbox keeps its own state, separate from the
// parent script. foo.php is not shown here; the lines below rely on it declaring
// a class Foo with a static $baz and a static bar().
// Every string passed to eval() below is a fixed literal. Neither sandbox is
// given an option array, so no open_basedir / disable_functions limits are
// configured; this shows state separation, not containment of untrusted code.
include_once 'foo.php';
// First sandbox: load Foo there and call Foo::bar() inside the sandbox only.
$php1 = new Runkit_Sandbox();
$php1->eval("include_once('foo.php');Foo::bar();");
// "---> 0" is the value the author expects to see: presumably the parent's
// Foo::$baz is unaffected by the call made inside $php1.
echo "Global Scope: [" . Foo::$baz . "] ---> 0\n";
// Second sandbox: state set by one eval() call is used by the later ones.
$php2 = new Runkit_Sandbox();
$php2->eval('include_once("foo.php");');
$php2->eval('$karma = 15;');
$php2->eval('Foo::bar();');
// Printed from inside the sandbox; the author expects 1 after Foo::bar() ran there.
$php2->eval('echo "PHP2 Scope: [" . Foo::$baz . "] ---> 1\\n";');
// Reads the sandbox variable $karma from the parent through a property access.
echo "Getting karma out: [" . $php2->karma . "] ---> 15\n";
$php2->eval('$karma++;');
$php2->eval('echo "increased karma: [". $karma ."] ---> 16\\n";');
// Left disabled by the author. my_func() is declared in the parent script;
// presumably it is not defined inside the sandbox. Confirm before enabling.
// $php2->eval('echo my_func();');
Esempio n. 4
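/**
 * Replaces every ^expression^ placeholder in $string with the result of
 * evaluating the expression as PHP.
 *
 * SECURITY: the text between the carets is executed as PHP code. When the
 * Runkit_Sandbox class is not available, it runs through plain eval() in this
 * process with the application's full privileges. Only pass templates written
 * by trusted authors. For text that end users can influence, replace the eval
 * with an expression parser or an allowlist of permitted variables and operators.
 *
 * @param string $string Text containing ^...^ placeholders.
 * @return string The text with each placeholder replaced by its evaluated value.
 */
function replaceFills($string)
{
    // Code prefix that exposes the referenced variables to the evaluated
    // expression; built by getVariablesAsGlobal(), which is defined elsewhere.
    $globalsStr = getVariablesAsGlobal($string);
    // Group 0 is the whole placeholder including carets and inner whitespace;
    // group 1 is the expression with the surrounding whitespace stripped.
    preg_match_all('/\\^\\s*(.*?)\\s*\\^/si', $string, $matches);
    if (isset($matches[1])) {
        if (class_exists('Runkit_Sandbox')) {
            // "Safe" eval: prefer the sandbox when the extension is loaded.
            // Caveats: 'safe_mode' was removed from PHP in 5.4, and
            // 'disable_functions' is a denylist covering only the four names
            // given, so this narrows what an expression can do without
            // making untrusted expressions safe.
            // NOTE(review): the global statements in $globalsStr resolve against
            // the sandbox's own globals here; confirm the values are present there.
            $options = array(
                'safe_mode' => true,
                'open_basedir' => '/var/www/users/jdoe/',
                'allow_url_fopen' => 'false',
                'disable_functions' => 'exec,shell_exec,passthru,system',
                'disable_classes' => 'myAppClass',
            );
            $sandbox = new Runkit_Sandbox($options);
            $sandbox->ini_set('html_errors', true);
        }
        // Kept in function scope so expressions run by the plain eval() fallback
        // can reference $survey.
        global $survey;
        foreach ($matches[1] as $index => $match) {
            $code = $globalsStr . 'return ' . $match . ';';
            // FLAG: unsandboxed eval() fallback; see the SECURITY note in the docblock.
            $value = isset($sandbox) ? $sandbox->eval($code) : eval($code);
            // Replace the placeholder exactly as it appeared in the text.
            // Rebuilding it as '^' . $match . '^' missed placeholders written
            // with whitespace inside the carets, leaving them unreplaced.
            $string = str_replace($matches[0][$index], $value, $string);
        }
    }
    return $string;
}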