开发者

How to safely execute user-submitted PHP code [duplicate]

开发者 https://www.devze.com 2023-04-01 02:05 出处:网络
This question already has answers here: Closed 11 years ago. Possible Duplicate: PHP sandbox/sanitize code passed to create_function
This question already has answers here: Closed 11 years ago.

Possible Duplicate:

PHP sandbox/sanitize code passed to create_function

I apol开发者_高级运维ogize for the very generalized question, but I need some guidance. What is the most ideal way to execute user-submitted PHP code? Think JSFiddle for PHP. I know there are sites that do this such as http://writecodeonline.com/php/ but I think that's PHP4 and doesn't work with half the code I try to run on it. I also know I could simply disable all the "risky" functions but, that's no fun :)

I know it would be extremely handy having a PHPFiddle.com we could refer to on StackOverflow just as we've come to rely on JSfiddle or JSbin.

I'm thinking something along the lines of creating a virtual host on my box so whatever filesystem functions the user tries to use will be limited to that sandbox. I'm not sure how to go about this though or if it would bring down my server having several of these running.

Ideas?


I always wondered how good it would be to have a Cloud IDE where i could host all my PHP files, test it, share it etc. basically it should be able to do everything which i do in my Computer. and until recently i stumbled upon a very nice Cloud IDE called Kodingen. it is such a useful Cloud Application and so handy at times. however below is the list of some of the services which offers you to run PHP code.

  • http://kodingen.com/
  • http://www.codr.cc/
  • http://www.chopapp.com/
  • http://www.amyeditor.com/
  • https://codeanywhere.net/
  • http://www.coderun.com/
  • http://shiftedit.net/


Have a look at Runkit_Sandbox: http://php.net/manual/en/runkit.sandbox.php

Instantiating the Runkit_Sandbox class creates a new thread with its own scope and program stack. Using a set of options passed to the constructor, this environment may be restricted to a subset of what the primary interpreter can do and provide a safer environment for executing user supplied code.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号