
Can someone execute a php function in my library but not called on the viewed page?

Developer https://www.devze.com 2023-01-01 02:32 Source: Internet

Let's say I have a php file, test.php with 2 functions: test1() and test2().

If I have an external php file, index.php, with include(test.php) in its code, and the index.php file has a reference to test1() but not test2(), is there any way that someone would be able to execute test2() by doing something malicious while using the index.php file?


The only way they could execute arbitrary code is through a code injection vulnerability.

Here's an oversimplified example:

<?php

$runthis = $_GET["runthis"];

$runthis();

So an attacker could invoke your script as http://example.com/index.php?runthis=test2 and then it would run your test2() function.

Read more about code injection at the Wikipedia article I linked to above, or at the OWASP site.
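
The hardened counterpart to the dynamic call above, as an added example that is not part of the original answer: the request value is used only as a key into a fixed allowlist, so test2() stays unreachable even though test.php is included. The `ALLOWED_ACTIONS` map, the `resolve_action()` and `handle()` helpers, the `first` action name and the sample requests are assumptions made for illustration; it needs PHP 8.0 or later.

```php
<?php
// Stand-ins for the two functions in the question's test.php (constructed here).
function test1(): string { return "test1 ran"; }
function test2(): string { return "test2 ran"; }

// Hypothetical allowlist: public action name => function index.php means to expose.
// test2 is deliberately absent, so no request value can select it.
const ALLOWED_ACTIONS = [
    'first' => 'test1',
];

/**
 * Map a request-supplied action name to a callable, or null if not permitted.
 * The user's string is only ever an array key, never a function name.
 */
function resolve_action(mixed $requested): ?callable
{
    // ?runthis[]=x arrives as an array; accept strings only.
    if (!is_string($requested)) {
        return null;
    }
    $target = ALLOWED_ACTIONS[$requested] ?? null;
    return ($target !== null && is_callable($target)) ? $target : null;
}

/** Dispatch one request; $query plays the role of $_GET. */
function handle(array $query): string
{
    $action = resolve_action($query['runthis'] ?? null);
    if ($action === null) {
        return "rejected";
    }
    return $action();
}

// Constructed sample requests: one allowed action, a direct function name,
// an array-valued parameter, and a missing parameter.
$samples = [
    ['runthis' => 'first'],
    ['runthis' => 'test2'],
    ['runthis' => ['first']],
    [],
];
foreach ($samples as $q) {
    echo json_encode($q), ' => ', handle($q), PHP_EOL;
}
```

Keeping the public action names different from the real function names also means the URL does not reveal what the library calls its functions.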


When you say "using", do you mean like an end user in their browser? No, they can't run arbitrary code.
