Instantiating the Runkit_Sandbox class creates a new thread with its own scope and program stack. Using a set of options passed to the constructor, this environment may be restricted to a subset of what the primary interpreter can do and provide a safer environment for executing user supplied code.
Note: Sandbox support (required for runkit_lint(), runkit_lint_file(), and the Runkit_Sandbox class) is only available as of PHP 5.1.0 or specially patched versions of PHP 5.0, and requires that thread safety be enabled. See the README file included in the runkit package for more information.
<?php $options = array( 'safe_mode'=>true, 'open_basedir'=>'/var/www/users/jdoe/', 'allow_url_fopen'=>'false', 'disable_functions'=>'exec,shell_exec,passthru,system', 'disable_classes'=>'myAppClass'); $sandbox = new Runkit_Sandbox($options); /* Non-protected ini settings may set normally */ $sandbox->ini_set('html_errors',true); ?>
All variables in the global scope of the sandbox environment are accessible as properties of the sandbox object. The first thing to note is that because of the way memory between these two threads is managed, object and resource variables can not currently be exchanged between interpreters. Additionally, all arrays are deep copied and any references will be lost. This also means that references between interpreters are not possible.
<?php $sandbox = new Runkit_Sandbox(); $sandbox->foo = 'bar'; $sandbox->eval('echo "$foo\n"; $bar = $foo . "baz";'); echo "{$sandbox->bar}\n"; if (isset($sandbox->foo)) unset($sandbox->foo); $sandbox->eval('var_dump(isset($foo));'); ?>
Any function defined within the sandbox may be called as a method on the sandbox object. This also includes a few pseudo-function language constructs: eval(), include, include_once, require, require_once, echo, print, die(), and exit().
<?php $sandbox = new Runkit_Sandbox(); echo $sandbox->str_replace('a','f','abc'); ?>
When passing arguments to a sandbox function, the arguments are taken from the outer instance of PHP. If you wish to pass arguments from the sandbox's scope, be sure to access them as properties of the sandbox object as illustrated above.
<?php $sandbox = new Runkit_Sandbox(); $foo = 'bar'; $sandbox->foo = 'baz'; echo $sandbox->str_replace('a',$foo,'a'); echo $sandbox->str_replace('a',$sandbox->foo,'a'); ?>
Please login to continue.