Prevent function calls
Posted: Thu May 24, 2007 10:59 pm
I need to execute PHP without any support for function calls outside of internally defined.
Using it as a psuedo-language for a application.
Here is what I am thinking:
- Pass script to phpcli.exe along with the script in question and possibly the list of functions which I do not wish to support.
Here is the problem I see:
- There are literally an arbitrary number of functions made available so explicitly specifying which ones execute and which don't doesn't make sense.
Is there a way (using standard install PHP - no fancy extensions, etc) to make PHP interpret that part of it's ini as negated operation - meaning only allow execution of these, as opposed to don't allow execution of these.
Short of parsing the script file and striping out function calls, is there any other native approach I could use?
Using it as a psuedo-language for a application.
Here is what I am thinking:
- Pass script to phpcli.exe along with the script in question and possibly the list of functions which I do not wish to support.
Here is the problem I see:
- There are literally an arbitrary number of functions made available so explicitly specifying which ones execute and which don't doesn't make sense.
Is there a way (using standard install PHP - no fancy extensions, etc) to make PHP interpret that part of it's ini as negated operation - meaning only allow execution of these, as opposed to don't allow execution of these.
Short of parsing the script file and striping out function calls, is there any other native approach I could use?