dongsi3826 2012-10-22 01:38

Reflecting on user-generated PHP code

I'm working on an application that will test the user's knowledge of PHP. The user will enter code and submit it and the application will check it for errors. This will include not only parse and runtime errors, but also the appropriateness of the response to the question.

The best way I can think to do this is to run an eval() on the user's code and check the result, i.e. if the user is asked to create an array of three given fruits, and he enters:

$fruits = array (
'orange',
'banana'
);

I want to be able to look at that array and determine that its size is not 3 and give that feedback in the quiz.

That's a really simple example, but it's the general idea.

Needless to say the idea of accepting arbitrary PHP code on a form and unconditionally running eval() on it is pure suicide, but it seems to make a lot more sense than running a bunch of regex on the text to check its validity. That would be an imperfect solution.

I'm wondering if there's anything I can do to really tighten things up so that people can't put malicious code in the answer. I noticed PHP safe mode is now extinct, but is there anything similar? I essentially just need a PHP emulator.


1 answer

  • doujiang1993 2012-10-22 01:45

    I think the PECL extension runkit could fit your needs.

    This answer was selected by the asker as the best answer.
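
An added example, not part of the original question or answer: grading the fruit question with the `Runkit_Sandbox` class that the runkit extension provides, so the submission runs in a restricted sub-interpreter instead of the application's own `eval()`. The names `grade_fruits` and `discard_output`, the path, the disabled-function list and the feedback strings are assumptions; it needs a thread-safe PHP 5 build with runkit loaded.

```php
<?php
// Added example: grade the fruit question inside a Runkit_Sandbox sub-interpreter.
// grade_fruits(), discard_output() and the feedback strings are hypothetical.

// Swallow anything the submission prints so it never reaches the quiz page.
function discard_output($text)
{
    return '';
}

function grade_fruits($submission)
{
    if (!class_exists('Runkit_Sandbox')) {
        return 'error: the runkit sandbox is not available in this PHP build';
    }

    // Restrictions handed to the sub-interpreter when it is created.
    $sandbox = new Runkit_Sandbox(array(
        'open_basedir'      => '/var/empty',  // constructed path with nothing to read
        'allow_url_fopen'   => 'false',
        // Illustrative denylist, not a complete one.
        'disable_functions' => 'exec,shell_exec,passthru,system,proc_open,popen,'
                             . 'mail,fsockopen,pfsockopen,dl,putenv',
    ));
    $sandbox['output_handler'] = 'discard_output';

    // Run the submitted statements in the sandbox, not in the quiz application.
    $sandbox->eval($submission);

    // Globals of the sandbox are read back as properties; arrays arrive as copies.
    $fruits = $sandbox->fruits;
    if (!is_array($fruits)) {
        return 'Your code did not define $fruits as an array.';
    }
    if (count($fruits) !== 3) {
        return sprintf('$fruits has %d elements, expected 3.', count($fruits));
    }
    return 'ok';
}

// Constructed sample input: the incomplete answer from the question.
$answer = "\$fruits = array (\n'orange',\n'banana'\n);";
echo grade_fruits($answer), "\n";
```

The sandbox is a second interpreter inside the same PHP process, not an OS-level boundary: a submission that loops forever still ties up the process that called it, so time and resource limits have to be enforced outside the sandbox.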
