I need to execute PHP without any support for function calls outside of internally defined.
Using it as a psuedo-language for a application.
Here is what I am thinking:
- Pass script to phpcli.exe along with the script in question and possibly the list of functions which I do not wish to support.
Here is the problem I see:
- There are literally an arbitrary number of functions made available so explicitly specifying which ones execute and which don't doesn't make sense.
Is there a way (using standard install PHP - no fancy extensions, etc) to make PHP interpret that part of it's ini as negated operation - meaning only allow execution of these, as opposed to don't allow execution of these.
Short of parsing the script file and striping out function calls, is there any other native approach I could use?
Prevent function calls
Moderator: General Moderators
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Yes I know, but I want to only allow basic constructs (loops, etc) no external function calls. I'm using PHP as something of a pre-processor. It's theoretically impossible to list all available functions (because of the extenable nature of PHP w/ extensions and all) so I am looking for a way to reverse that functionality and say, these *are* the functions you can execute.
I'm thinking it's not possible from the reading I've done.
I'm thinking it's not possible from the reading I've done.
- stereofrog
- Forum Contributor
- Posts: 386
- Joined: Mon Dec 04, 2006 6:10 am
You basically need to parse the code into AST, remove or replace unwanted function calls and reconstruct the code back from AST.
The packages from pear/PHP branch like http://pear.php.net/package/PHP_ParserGenerator/ would be of some help
The packages from pear/PHP branch like http://pear.php.net/package/PHP_ParserGenerator/ would be of some help