You can pass a single variable name as a string, or an array of variable names, to whitelist
public whitelistVar ( string | array $name )
$name | string | array | String of variable name or array of variable names to whitelist |
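/**
 * Examine the current PhpParser\Node node against the PHPSandbox configuration for whitelisting sandboxed code.
 *
 * The names whitelisted here are taken from the sandboxed code itself. Classes, interfaces,
 * traits, constants and functions are whitelisted only when the matching allow_* and
 * auto_whitelist_* options are both set and no blacklist of that kind is configured.
 * Globals additionally require that a variable whitelist already exists. Only plain string
 * names are ever passed to the whitelist; dynamic names are skipped.
 *
 * @param Node $node The sandboxed $node to examine
 *
 * @return null
 */
public function leaveNode(Node $node)
{
    $sandbox = $this->sandbox;

    if ($node instanceof Node\Stmt\Class_ && is_string($node->name)
        && $sandbox->allow_classes && $sandbox->auto_whitelist_classes
        && !$sandbox->hasBlacklistedClasses()
    ) {
        // A declared class is registered both as a class and as a type name.
        $sandbox->whitelistClass($node->name);
        $sandbox->whitelistType($node->name);
    } elseif ($node instanceof Node\Stmt\Interface_ && is_string($node->name)
        && $sandbox->allow_interfaces && $sandbox->auto_whitelist_interfaces
        && !$sandbox->hasBlacklistedInterfaces()
    ) {
        $sandbox->whitelistInterface($node->name);
    } elseif ($node instanceof Node\Stmt\Trait_ && is_string($node->name)
        && $sandbox->allow_traits && $sandbox->auto_whitelist_traits
        && !$sandbox->hasBlacklistedTraits()
    ) {
        $sandbox->whitelistTrait($node->name);
    } elseif ($node instanceof Node\Expr\FuncCall && $node->name instanceof Node\Name
        && $node->name->toString() === 'define'
        && $sandbox->allow_constants && $sandbox->auto_whitelist_constants
        && !$sandbox->isDefinedFunc('define') && !$sandbox->hasBlacklistedConsts()
    ) {
        // Only a literal, non-empty string as first argument of define() is whitelisted;
        // a computed constant name is not known here and is left alone.
        $arg = isset($node->args[0]) ? $node->args[0] : null;
        if ($arg instanceof Node\Arg && $arg->value instanceof Node\Scalar\String_
            && is_string($arg->value->value) && $arg->value->value
        ) {
            $sandbox->whitelistConst($arg->value->value);
        }
    } elseif ($node instanceof Node\Stmt\Global_ && $sandbox->allow_globals
        && $sandbox->auto_whitelist_globals && $sandbox->hasWhitelistedVars()
    ) {
        foreach ($node->vars as $var) {
            /**
             * @var Node\Expr\Variable $var
             */
            // `global $$x;` yields a Variable whose name is an expression node, not a
            // string. whitelistVar() is documented to take string|array, so such
            // dynamic names are skipped instead of being handed to the whitelist.
            if ($var instanceof Node\Expr\Variable && is_string($var->name)) {
                $sandbox->whitelistVar($var->name);
            }
        }
    } elseif ($node instanceof Node\Stmt\Function_ && is_string($node->name) && $node->name
        && $sandbox->allow_functions && $sandbox->auto_whitelist_functions
        && !$sandbox->hasBlacklistedFuncs()
    ) {
        $sandbox->whitelistFunc($node->name);
    }
}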
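/**
 * Examine the current PhpParser\Node node against the PHPSandbox configuration for whitelisting trusted code.
 *
 * Every function, variable, constant, class, interface, trait and type that the trusted
 * code references or declares is added to the matching whitelist, provided no blacklist of
 * that kind is configured (variables: provided a variable whitelist exists). Namespace and
 * use statements are registered with the sandbox and then dropped from the tree.
 *
 * @param \PhpParser\Node $node The trusted $node to examine
 *
 * @return null|bool Return false if node must be removed, or null if no changes to the node are made
 */
public function leaveNode(Node $node)
{
    $sandbox = $this->sandbox;

    if ($node instanceof Node\Expr\FuncCall && $node->name instanceof Node\Name
        && !$sandbox->hasBlacklistedFuncs()
    ) {
        $sandbox->whitelistFunc($node->name->toString());
    } elseif ($node instanceof Node\Stmt\Function_ && is_string($node->name) && $node->name
        && !$sandbox->hasBlacklistedFuncs()
    ) {
        $sandbox->whitelistFunc($node->name);
    } elseif (($node instanceof Node\Expr\Variable || $node instanceof Node\Stmt\StaticVar)
        && is_string($node->name) && $sandbox->hasWhitelistedVars() && !$sandbox->allow_variables
    ) {
        $sandbox->whitelistVar($node->name);
    } elseif ($node instanceof Node\Expr\FuncCall && $node->name instanceof Node\Name
        && $node->name->toString() === 'define'
        && !$sandbox->isDefinedFunc('define') && !$sandbox->hasBlacklistedConsts()
    ) {
        // NOTE(review): the first branch already takes every named function call when no
        // function blacklist is configured, so this branch runs only while
        // hasBlacklistedFuncs() is true. Without a function blacklist a define() call
        // whitelists the function name but not the constant. Confirm this is intended
        // before changing the branch order, since doing so widens the constant whitelist.
        $arg = isset($node->args[0]) ? $node->args[0] : null;
        if ($arg instanceof Node\Arg && $arg->value instanceof Node\Scalar\String_
            && is_string($arg->value->value) && $arg->value->value
        ) {
            $sandbox->whitelistConst($arg->value->value);
        }
    } elseif ($node instanceof Node\Expr\ConstFetch && $node->name instanceof Node\Name
        && !$sandbox->hasBlacklistedConsts()
    ) {
        $sandbox->whitelistConst($node->name->toString());
    } elseif ($node instanceof Node\Stmt\Class_ && is_string($node->name)
        && !$sandbox->hasBlacklistedClasses()
    ) {
        $sandbox->whitelistClass($node->name);
    } elseif ($node instanceof Node\Stmt\Interface_ && is_string($node->name)
        && !$sandbox->hasBlacklistedInterfaces()
    ) {
        $sandbox->whitelistInterface($node->name);
    } elseif ($node instanceof Node\Stmt\Trait_ && is_string($node->name)
        && !$sandbox->hasBlacklistedTraits()
    ) {
        $sandbox->whitelistTrait($node->name);
    } elseif ($node instanceof Node\Expr\New_ && $node->class instanceof Node\Name
        && !$sandbox->hasBlacklistedTypes()
    ) {
        $sandbox->whitelistType($node->class->toString());
    } elseif ($node instanceof Node\Stmt\Global_ && $sandbox->hasWhitelistedVars()) {
        foreach ($node->vars as $var) {
            /**
             * @var Node\Expr\Variable $var
             */
            // Same string check as the Variable branch above: `global $$x;` carries an
            // expression node as name, which whitelistVar() (string|array) is not
            // documented to accept.
            if ($var instanceof Node\Expr\Variable && is_string($var->name)) {
                $sandbox->whitelistVar($var->name);
            }
        }
    } elseif ($node instanceof Node\Stmt\Namespace_) {
        if ($node->name instanceof Node\Name) {
            $namespace = $node->name->toString();
            $sandbox->checkNamespace($namespace);
            if (!$sandbox->isDefinedNamespace($namespace)) {
                $sandbox->defineNamespace($namespace);
            }
        }

        // A namespace statement is always removed, named or not.
        return false;
    } elseif ($node instanceof Node\Stmt\Use_) {
        foreach ($node->uses as $use) {
            /**
             * @var Node\Stmt\UseUse $use
             */
            if ($use instanceof Node\Stmt\UseUse && $use->name instanceof Node\Name
                && (is_string($use->alias) || is_null($use->alias))
            ) {
                $aliased = $use->name->toString();
                $sandbox->checkAlias($aliased);
                if (!$sandbox->isDefinedAlias($aliased)) {
                    $sandbox->defineAlias($aliased, $use->alias);
                }
            }
        }

        // A use statement is always removed once its aliases are registered.
        return false;
    }

    return null;
}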