|
|
 |
Runkit_Sandbox (no version information, might be only in CVS) Runkit_Sandbox --
Runkit Sandbox Class -- PHP Virtual Machine
说明
Instantiating the Runkit_Sandbox
class creates a new thread with its own scope
and program stack. Using a set of options passed to the constructor, this environment
may be restricted to a subset of what the primary interpreter can do and provide a
safer environment for executing user supplied code.
Constructorvoid Runkit_Sandbox::__construct ( [array options] )
options is an associative array containing
any combination of the special ini options listed below.
- safe_mode
If the outer script which is instantiating the
Runkit_Sandbox class
is configured with safe_mode = off, then safe_mode
may be turned on for the sandbox environment. This setting can not
be used to disable safe_mode when it's already
enabled in the outer script.
- open_basedir
open_basedir may be set to any path below the
current setting of open_basedir. If
open_basedir is not set within the global scope,
then it is assumed to be the root directory and may be set to any location.
- allow_url_fopen
Like safe_mode, this setting can only be made more restrictive,
in this case by setting it to FALSE when it is previously set to TRUE
- disable_functions
Comma separated list of functions to disable within the sandbox sub-interpreter.
This list need not contain the names of the currently disabled functions,
they will remain disabled whether listed here or not.
- disable_classes
Comma separated list of classes to disable within the sandbox sub-interpreter.
This list need not contain the names of the currently disabled classes,
they will remain disabled whether listed here or not.
- runkit.superglobal
Comma separated list of variables to be treated as superglobals within the
sandbox sub-interpreter. These variables will be used in addition to any
variables defined internally or through the global runkit.superglobal setting.
例子 1. Instantiating a restricted sandbox |
<?php
$options = array(
'safe_mode'=>true,
'open_basedir'=>'/var/www/users/jdoe/',
'allow_url_fopen'=>'false',
'disable_functions'=>'exec,shell_exec,passthru,system',
'disable_classes'=>'myAppClass');
$sandbox = new Runkit_Sandbox($options);
$sandbox->ini_set('html_errors',true);
?>
|
|
Accessing Variables
All variables in the global scope of the sandbox environment
are accessible as properties of the sandbox object.
The first thing to note is that because of the way memory
between these two threads is managed, object and resource
variables can not currently be exchanged between interpreters.
Additionally, all arrays are deep copied and any references
will be lost. This also means that references between
interpreters are not possible.
例子 2. Working with variables in a sandbox |
<?php
$sandbox = new Runkit_Sandbox();
$sandbox->foo = 'bar';
$sandbox->eval('echo "$foo\n"; $bar = $foo . "baz";');
echo "{$sandbox->bar}\n";
if (isset($sandbox->foo)) unset($sandbox->foo);
$sandbox->eval('var_dump(isset($foo));');
?>
|
|
上例将输出: Calling PHP Functions
Any function defined within the sandbox may be called as
a method on the sandbox object. This also includes a few
pseudo-function language constructs: eval(),
include(), include_once(),
require(), require_once(),
echo(), print(),
die(), and exit().
例子 3. Calling sandbox functions |
<?php
$sandbox = new Runkit_Sandbox();
echo $sandbox->str_replace('a','f','abc');
?>
|
|
上例将输出:
When passing arguments to a sandbox function, the arguments
are taken from the outer instance of PHP. If you wish to pass
arguments from the sandbox's scope, be sure to access them as
properties of the sandbox object as illustrated above.
例子 4. Passing arguments to sandbox functions |
<?php
$sandbox = new Runkit_Sandbox();
$foo = 'bar';
$sandbox->foo = 'baz';
echo $sandbox->str_replace('a',$foo,'a');
echo $sandbox->str_replace('a',$sandbox->foo,'a');
?>
|
|
上例将输出:
| |
runkit