Corveda / PHPSandbox

A PHP-based sandboxing library with a full suite of configuration and validation options.
https://phpsandbox.org

named argument not working #37

Open Jobians opened 10 months ago

Jobians commented 10 months ago

Fatal error: Cannot use positional argument after named argument in /data/data/com.termux/files/home/php/bota/vendor/corveda/php-sandbox/src/PHPSandbox.php(6990) : eval()'d code on line 28

peter279k commented 10 months ago

Which PHP version do you use?

Which PHP code snippets do you execute via PHPSandbox?

Jobians commented 10 months ago
  1. PHP 8.2
  2. $myClass->method(name: "John", age: 50);

peter279k commented 10 months ago

I think the fatal error happens because it will execute the eval('$myClass->method(name: "John", age: 50);') code via PHPSandbox.

I need to set up PHPSandbox and verify the above explanation.

Jobians commented 10 months ago

OK, I will be waiting, thanks.

peter279k commented 10 months ago

I think the fatal error happens because it will execute the eval('$myClass->method(name: "John", age: 50);') code via PHPSandbox.

I need to set up PHPSandbox and verify the above explanation.

The explanation is confirmed. I used the following code snippet to get the same fatal error:

PHP Fatal error: Cannot use positional argument after named argument in /home/peterli/vendor/corveda/php-sandbox/src/PHPSandbox.php(6990) : eval()'d code on line 5

<?php

require_once __DIR__ . '/vendor/autoload.php';

class MyClass
{
    public function method($name, $age) {
        return [$name, $age];
    }
}
$class = new MyClass;

$codeSnippets = '<?php var_dump($class->method(name: \'Peter\', age: 50));';

$sandbox = new PHPSandbox\PHPSandbox;
$sandbox->defineVars(['class' => $class]);
$sandbox->whitelistClass(MyClass::class);
$sandbox->whitelistFunc('var_dump');
$sandbox->execute($codeSnippets);

To avoid the fatal error you mentioned, I think the temporary workaround is to call the method with positional arguments:

<?php

require_once __DIR__ . '/vendor/autoload.php';

class MyClass
{
    public function method($name, $age) {
        return [$name, $age];
    }
}
$class = new MyClass;

$codeSnippets = '<?php var_dump($class->method(\'Peter\', 50));';

$sandbox = new PHPSandbox\PHPSandbox;
$sandbox->defineVars(['class' => $class]);
$sandbox->whitelistClass(MyClass::class);
$sandbox->whitelistFunc('var_dump');
$sandbox->execute($codeSnippets);

Jobians commented 10 months ago

OK, thank you for your time. Will you fix the issue in the future?

peter279k commented 10 months ago

I think it's not easy to fix the issue because there is a compatibility issue.

It needs to use the named argument approach when calling the eval function, and the feature is only available in PHP 8.0 and later.