#40722 [NEW]: future request:add "safe eval" function

[shimon at schoolportal dot co dot il]

From: shimon at schoolportal dot co dot il
Operating system: na
PHP version: 4.4.5
PHP Bug Type: Feature/Change Request
Bug description: future request:add "safe eval" function

Description:
------------
i would be cool to have a "safe eval" function
for example:
eval($code, $safe=true,$safe_alow,$safe_disalow ,or $safe_ini_settings);

i do want users to insert some code to use database and simple php
in their free web site to create info boxes and small website components
or php in their site templates. but i want to stay safe.


--
Edit bug report at [url]http://bugs.php.net/?id=40722&edit=1[/url]
--
Try a CVS snapshot (PHP 4.4): [url]http://bugs.php.net/fix.php?id=40722&r=trysnapshot44[/url]
Try a CVS snapshot (PHP 5.2): [url]http://bugs.php.net/fix.php?id=40722&r=trysnapshot52[/url]
Try a CVS snapshot (PHP 6.0): [url]http://bugs.php.net/fix.php?id=40722&r=trysnapshot60[/url]
Fixed in CVS: [url]http://bugs.php.net/fix.php?id=40722&r=fixedcvs[/url]
Fixed in release: [url]http://bugs.php.net/fix.php?id=40722&r=alreadyfixed[/url]
Need backtrace: [url]http://bugs.php.net/fix.php?id=40722&r=needtrace[/url]
Need Reproduce Script: [url]http://bugs.php.net/fix.php?id=40722&r=needscript[/url]
Try newer version: [url]http://bugs.php.net/fix.php?id=40722&r=oldversion[/url]
Not developer issue: [url]http://bugs.php.net/fix.php?id=40722&r=support[/url]
Expected behavior: [url]http://bugs.php.net/fix.php?id=40722&r=notwrong[/url]
Not enough info: [url]http://bugs.php.net/fix.php?id=40722&r=notenoughinfo[/url]
Submitted twice: [url]http://bugs.php.net/fix.php?id=40722&r=submittedtwice[/url]
register_globals: [url]http://bugs.php.net/fix.php?id=40722&r=globals[/url]
PHP 3 support discontinued: [url]http://bugs.php.net/fix.php?id=40722&r=php3[/url]
Daylight Savings: [url]http://bugs.php.net/fix.php?id=40722&r=dst[/url]
IIS Stability: [url]http://bugs.php.net/fix.php?id=40722&r=isapi[/url]
Install GNU Sed: [url]http://bugs.php.net/fix.php?id=40722&r=gnused[/url]
Floating point limitations: [url]http://bugs.php.net/fix.php?id=40722&r=float[/url]
No Zend Extensions: [url]http://bugs.php.net/fix.php?id=40722&r=nozend[/url]
MySQL Configuration Error: [url]http://bugs.php.net/fix.php?id=40722&r=mysqlcfg[/url]

[tony2001@php.net]

ID: 40722
Updated by: [email]tony2001@php.net[/email]
Reported By: shimon at schoolportal dot co dot il
-Status: Open
+Status: Bogus
Bug Type: Feature/Change Request
Operating System: na
PHP Version: 4.4.5
New Comment:

I'm afraid we'll never go this route again.
You have to manage privileges using your OS utilities, not PHP.
Also, the meaining of "safety" is quite dim in this particular case, so
I can't just imagine a function that would be safe _for everyone_ and
useable _for everyone_ without having a bunch of arguments or INI
options.


Previous Comments:
------------------------------------------------------------------------

[2007-03-05 05:56:47] shimon at schoolportal dot co dot il

Description:
------------
i would be cool to have a "safe eval" function
for example:
eval($code, $safe=true,$safe_alow,$safe_disalow ,or
$safe_ini_settings);

i do want users to insert some code to use database and simple php
in their free web site to create info boxes and small website
components or php in their site templates. but i want to stay safe.



------------------------------------------------------------------------


--
Edit this bug report at [url]http://bugs.php.net/?id=40722&edit=1[/url]