I'm trying to make a plugin system and the plugin contain PHP code.
I think if someone evil reach the area that upload this plugin he can upload evil code
so I want to limit the functions used in plugin file such as if there is eval() or base64_encode function the upload should fail.
I think this will be done by the regex, but I have no experiance with it.
So I want something like that
<?php
$file = 'plugin.php';
$content = file_get_contents($file);
if(file_is_secure($content)){
upload($file);
}else{
exit('evil');
}
?>
see this example
<?php
$content = file_get_contents('example.php');
preg_match_all("/(function )(\S*\(\S*\))/", $content, $matches);
foreach($matches[2] as $match) {
$function[] = "// " . trim($match) . "<br />
";
}
natcasesort($function);
$functionlist .= "/* Functions in this file */<br />
";
$functionlist .= "/**************************/<br />
";
$functionlist .= implode('', $function);
echo $functionlist;
?>
i want one like this but for making a white list and not for use functions, but for the function it self " i mean function(); not function name(){}
