How to safely execute user-submitted PHP code [dup

2019-03-11 11:34发布

问题:

Possible Duplicate:
PHP sandbox/sanitize code passed to create_function

I apologize for the very generalized question, but I need some guidance. What is the most ideal way to execute user-submitted PHP code? Think JSFiddle for PHP. I know there are sites that do this such as http://writecodeonline.com/php/ but I think that's PHP4 and doesn't work with half the code I try to run on it. I also know I could simply disable all the "risky" functions but, that's no fun :)

I know it would be extremely handy having a PHPFiddle.com we could refer to on StackOverflow just as we've come to rely on JSfiddle or JSbin.

I'm thinking something along the lines of creating a virtual host on my box so whatever filesystem functions the user tries to use will be limited to that sandbox. I'm not sure how to go about this though or if it would bring down my server having several of these running.

Ideas?

回答1:

I always wondered how good it would be to have a Cloud IDE where i could host all my PHP files, test it, share it etc. basically it should be able to do everything which i do in my Computer. and until recently i stumbled upon a very nice Cloud IDE called Kodingen. it is such a useful Cloud Application and so handy at times. however below is the list of some of the services which offers you to run PHP code.

  • http://kodingen.com/
  • http://www.codr.cc/
  • http://www.chopapp.com/
  • http://www.amyeditor.com/
  • https://codeanywhere.net/
  • http://www.coderun.com/
  • http://shiftedit.net/


回答2:

Have a look at Runkit_Sandbox: http://php.net/manual/en/runkit.sandbox.php

Instantiating the Runkit_Sandbox class creates a new thread with its own scope and program stack. Using a set of options passed to the constructor, this environment may be restricted to a subset of what the primary interpreter can do and provide a safer environment for executing user supplied code.