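/**
 * Called when request iterated.
 *
 * Emits a text/html Content-Type header, then runs a fixed closure inside a
 * Runkit_Sandbox whose output is routed through $this->out() (the
 * 'output_handler' option).
 *
 * NOTE(review): the previous docblock declared "@return integer Status", but
 * the body never returns a value, so callers get null. Left unchanged here
 * because the intended status codes are not visible; do not rely on the
 * return value. The unused $stime = microtime(true) was dropped.
 *
 * Security caveats on the sandbox options — they are a mitigation, not a
 * trust boundary:
 *  - 'safe_mode' was removed from PHP in 5.4; on later builds it does nothing.
 *  - 'disable_functions' is a denylist: proc_open, popen, pcntl_exec, dl and
 *    similar are not listed, so sandboxed code can still spawn processes.
 *  - 'allow_url_fopen' => 'false' is the string "false"; PHP's INI boolean
 *    parsing should treat it as off, but a literal false is less surprising.
 *
 * @return void  (no status is produced — see note above)
 */
public function run()
{
    $this->header('Content-Type: text/html');

    $sandbox = new \Runkit_Sandbox([
        'safe_mode'         => true,
        'open_basedir'      => '/var/www/users/jdoe/',
        'allow_url_fopen'   => 'false',
        'disable_functions' => 'exec,shell_exec,passthru,system',
        'disable_classes'   => '',
        'output_handler'    => [$this, 'out'],
    ]);
    $sandbox->ini_set('html_errors', true);

    // The closure is fixed code; no untrusted input reaches the sandbox here.
    $sandbox->call_user_func(function () {
        echo "Hello World!";
    });
}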
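/**
 * Run one request against $this->index inside a fresh Runkit_Sandbox and
 * return the captured body, headers and status code as a Response.
 *
 * The sandbox is created with no options (no open_basedir, no
 * disable_functions): it isolates globals/superglobals between requests, it
 * is NOT a security boundary for the code under test.
 *
 * @param object $request  Must provide getUri(), getMethod(), getParameters(),
 *                         getCookies(), getFiles() and getServer().
 * @return Response
 */
public function doRequest($request)
{
    $uri        = str_replace('http://localhost', '', $request->getUri());
    $method     = strtoupper($request->getMethod());
    $parameters = $request->getParameters();

    $sandbox = new \Runkit_Sandbox();
    $sandbox->_COOKIE = $request->getCookies();
    $sandbox->_FILES  = $this->remapFiles($request->getFiles());

    // $_SERVER is assigned inside the sandbox via eval() (presumably so it
    // overrides the sandbox's own auto-populated copy). The serialized
    // payload is embedded as PHP source, so it must be a properly escaped
    // string literal: var_export() escapes quotes, backslashes and NUL.
    // The previous bare '...' wrapping let a single quote in the URI, the
    // parameters or any server value terminate the literal and be executed
    // as code inside the sandbox.
    $server = array_merge([
        'REQUEST_METHOD' => $method,
        'REQUEST_URI'    => "{$uri}?" . $this->requestParametersToQueryString($parameters),
        'PHP_SELF'       => 'index.php',
        'SERVER_NAME'    => 'localhost',
        'SCRIPT_NAME'    => 'index.php',
    ], $request->getServer());
    $sandbox->eval('$_SERVER = unserialize(' . var_export(serialize($server), true) . ');');

    $sandbox->_REQUEST = $this->remapRequestParameters($parameters);
    if ($method === 'GET') {
        $sandbox->_GET = $sandbox->_REQUEST;
    } else {
        $sandbox->_POST = $sandbox->_REQUEST;
    }

    if ($this->envModifier instanceof \Closure) {
        call_user_func($this->envModifier, $sandbox);
    }

    ob_start();
    $sandbox->include($this->index);
    $content = ob_get_contents();
    ob_end_clean();

    // Headers set by the sandboxed script, keyed by name; repeated headers
    // (e.g. several Set-Cookie) are kept as a list under one key.
    $headers     = [];
    $php_headers = $sandbox->headers_list();
    if ($php_headers !== false) {
        foreach ($php_headers as $value) {
            $parts = explode(':', $value);
            if (count($parts) > 1) {
                $name = trim(array_shift($parts));
                $headers[$name][] = trim(implode(':', $parts));
            }
        }
    }

    // Only default the content type when the script set none. Header names
    // are case-insensitive, so a script-set 'Content-Type' must not be
    // shadowed by a second 'Content-type' entry (the old isset() on the exact
    // key produced exactly that duplicate).
    $hasContentType = false;
    foreach (array_keys($headers) as $name) {
        if (strcasecmp($name, 'Content-type') === 0) {
            $hasContentType = true;
            break;
        }
    }
    if (!$hasContentType) {
        $headers['Content-type'] = "text/html; charset=UTF-8";
    }

    $response_code = $sandbox->http_response_code();
    if ($response_code === false) {
        // Not set by the script: plain HTTP default.
        $response_code = 200;
    }

    return new Response($content, $response_code, $headers);
}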
<?php
/*
 * Demonstration of Runkit_Sandbox scope isolation: the parent script and two
 * sandboxes each load foo.php and call Foo::bar(); the echoed lines show that
 * Foo::$baz is tracked separately in each scope. The "---> N" suffix on each
 * line is the value the author expects to see.
 */

// Defined in the parent scope only (see the commented-out call at the end).
function my_func()
{
    return __FUNCTION__;
}

include_once 'foo.php';

// First sandbox: load foo.php and run Foo::bar() there. The parent's Foo::$baz
// is expected to stay at 0.
$sandboxA = new Runkit_Sandbox();
$sandboxA->eval("include_once('foo.php');Foo::bar();");
$parentBaz = Foo::$baz;
echo "Global Scope: [{$parentBaz}] ---> 0\n";

// Second sandbox: a plain variable assigned inside it is read back from the
// parent through the sandbox object's property access.
$sandboxB = new Runkit_Sandbox();
$sandboxB->eval('include_once("foo.php");');
$sandboxB->eval('$karma = 15;');
$sandboxB->eval('Foo::bar();');
$sandboxB->eval('echo "PHP2 Scope: [" . Foo::$baz . "] ---> 1\\n";');
$karmaFromSandbox = $sandboxB->karma;
echo "Getting karma out: [{$karmaFromSandbox}] ---> 15\n";
$sandboxB->eval('$karma++;');
$sandboxB->eval('echo "increased karma: [". $karma ."] ---> 16\\n";');

// Left disabled by the original author; presumably a reminder that functions
// defined in the parent scope are not visible inside the sandbox (unverified).
// $sandboxB->eval('echo my_func();');
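/**
 * Replace every ^expression^ fill in $string with the result of evaluating
 * the expression as PHP.
 *
 * SECURITY: each fill is executed with eval() — inside a Runkit_Sandbox when
 * that class exists, otherwise with the engine's own eval() and no
 * restrictions at all. If $string can be influenced by an untrusted party
 * this is arbitrary code execution. The sandbox options are a mitigation,
 * not a boundary:
 *  - 'safe_mode' was removed from PHP in 5.4 and does nothing on later builds;
 *  - 'disable_functions' is a denylist that omits proc_open, popen,
 *    pcntl_exec and similar;
 *  - the fallback path applies none of these limits.
 * Never pass user-supplied templates to this function.
 *
 * Fix in this revision: the pattern tolerates whitespace inside the caret
 * delimiters ('^ expr ^'), but the replacement rebuilt the token as
 * '^' . expr . '^' without that whitespace, so padded fills were evaluated
 * yet never substituted. The full matched token ($matches[0]) is now
 * replaced instead.
 *
 * @param string $string Template text containing ^expr^ fills.
 * @return string The template with each fill replaced by its evaluated value.
 */
function replaceFills($string)
{
    // PHP code declaring the template's simple variables as globals; it is
    // prepended to every evaluated expression (built by a helper not shown).
    $globalsStr = getVariablesAsGlobal($string);

    preg_match_all('/\\^\\s*(.*?)\\s*\\^/si', $string, $matches);
    if (!isset($matches[1])) {
        return $string;
    }

    if (class_exists('Runkit_Sandbox')) {
        // Evaluate inside a sandbox when one is available (limits noted above).
        $options = array(
            'safe_mode'         => true,
            'open_basedir'      => '/var/www/users/jdoe/',
            'allow_url_fopen'   => 'false',
            'disable_functions' => 'exec,shell_exec,passthru,system',
            'disable_classes'   => 'myAppClass',
        );
        $sandbox = new Runkit_Sandbox($options);
        $sandbox->ini_set('html_errors', true);
    }

    // Imported into this function's scope; the plain-eval fallback runs in
    // this scope, so evaluated expressions can reference $survey.
    global $survey;

    foreach ($matches[1] as $i => $expression) {
        $code  = $globalsStr . 'return ' . $expression . ';';
        $value = isset($sandbox) ? $sandbox->eval($code) : eval($code);
        // Replace the token exactly as it appeared, including any padding.
        $string = str_replace($matches[0][$i], $value, $string);
    }

    return $string;
}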