About this class

This library attempts to secure eval() in order to allow for the following kind of scripting:

  • user-controlled
  • over-the-web
  • focused on variable-handling
  • independent of third-party parsers or interpreters

To achieve this, a big part of PHP's functionality has been restricted, but these limits are configurable.

How does it work?

Safer eval() checks the user's code for (or against) the following aspects:

  1. Syntax
  2. Shell-execution
  3. Variable variable names
  4. Variable function names
  5. PHP Tokens
  6. Variable names
  7. Function names
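
A simplified sketch of how checks 1 to 5 and 7 can be built on PHP's tokenizer. This is an added example, not the Safer eval() code itself: check_user_code(), its allowlist parameter and the banned-token list are hypothetical, and PHP 8 or later is assumed.

```php
<?php
// Added illustration only; NOT the Safer eval() library's code.
// check_user_code() and $allowedFunctions are hypothetical names. Assumes PHP 8+.
function check_user_code(string $code, array $allowedFunctions): array
{
    try {
        // 1. Syntax: TOKEN_PARSE makes the tokenizer throw on invalid code.
        $tokens = token_get_all('<?php ' . $code, TOKEN_PARSE);
    } catch (ParseError $e) {
        return ['syntax error: ' . $e->getMessage()];
    }
    // 5. Tokens rejected outright (a sample policy, not the library's list).
    $banned   = [T_EVAL, T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE,
                 T_NEW, T_EXIT, T_INLINE_HTML, T_CLOSE_TAG];
    $names    = [T_STRING, T_NAME_QUALIFIED, T_NAME_FULLY_QUALIFIED];
    // A "(" right after one of these is a call whose target is not a plain name.
    $dynamic  = [T_VARIABLE, T_CONSTANT_ENCAPSED_STRING, ')', ']', '}'];
    $errors   = [];
    $prevId   = null;
    $prevText = '';
    foreach ($tokens as $tok) {
        [$id, $text] = is_array($tok) ? [$tok[0], $tok[1]] : [$tok, $tok];
        if (in_array($id, [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            continue; // layout and comments must not hide a name from its "("
        }
        if ($id === '`') {
            $errors[] = 'shell execution via backticks';            // check 2
        } elseif ($id === '$') {
            $errors[] = 'variable variable name';                   // check 3
        } elseif (in_array($id, $banned, true)) {
            $errors[] = 'token not allowed: ' . token_name($id);    // check 5
        } elseif ($id === '(' && in_array($prevId, $dynamic, true)) {
            $errors[] = 'variable function name';                   // check 4
        } elseif ($id === '(' && in_array($prevId, $names, true)) {
            $fn = ltrim(strtolower($prevText), '\\');
            if (!in_array($fn, $allowedFunctions, true)) {
                $errors[] = "function not allowed: $fn";            // check 7
            }
        }
        [$prevId, $prevText] = [$id, $text];
    }
    return array_values(array_unique($errors));
}

// Constructed sample inputs, checked against a two-function allowlist.
$samples = ['$a = strlen($b) + 1;', '$f = "strlen"; $f($b);', '$$a = `date`;', 'system($b);'];
foreach ($samples as $src) {
    echo $src, ' => ', json_encode(check_user_code($src, ['strlen', 'abs'])), "\n";
}
```

The rules are deliberately conservative and will reject some harmless code. Keep the function allowlist small: these checks see names only where they appear as tokens, not names passed around as string data.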

WARNING!

  • Using eval() on user scripts is an extremely high security risk.
  • Safer eval() is experimental.
  • Safer eval() is intended for experienced developers.
  • Safer eval() has not been tested in production environments.