Corveda / PHPSandbox

A PHP-based sandboxing library with a full suite of configuration and validation options.
https://phpsandbox.org

Can you run sql/mysql queries within the sandbox? #40

Closed titonova closed 5 months ago

titonova commented 5 months ago

What happens if you attempt to do so? What if you want to enable such functionality? What do you do?

fieryprophet commented 5 months ago

What happens if you attempt to do so? What if you want to enable such functionality? What do you do?

If the relevant class or functions are enabled by the sandbox then they will work perfectly fine. This library is a userland implementation of a sandbox, e.g. it basically looks at the PHP source it is passed and checks that it passes the configuration it was defined with, with some source-rewriting to defeat attempts by ingested code to break out of it.

This is about the extent that is achievable in a userland context, because stronger security would have to be implemented via an extension and within the PHP environment itself, the OS, etc., but it also means that pretty much anything will work with it if given permission to do so via configuration. But once you have given the sandbox access to DBs, it does not do any form of SQL-injection proofing or mitigation of whatever that code tries to do with the functionality.
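The maintainer's point above, that the sandbox only decides whether a call is permitted and never inspects the SQL that call carries, shapes how database access should be handed to sandboxed code. The following is an added example, not code from this issue or from the PHPSandbox project. It assumes the library's documented `defineFunc()`, `defineVar()` and `execute()` API, a Composer autoloader at `vendor/autoload.php`, and a PHP build with the SQLite PDO driver; the table, its rows and the untrusted input string are constructed for the example. It contrasts two ways of wiring a database into the sandbox: a permissive wrapper that runs whatever SQL the sandboxed code assembles, and a restricted wrapper that fixes the SQL on the host side and lets the sandboxed code supply only a bound parameter.

```php
<?php
// Added example (not from the issue or the PHPSandbox project).
// Assumptions: PHPSandbox's defineFunc()/defineVar()/execute() API as documented,
// a Composer autoloader, and the pdo_sqlite driver. Data below is constructed.
require_once __DIR__ . '/vendor/autoload.php';

use PHPSandbox\PHPSandbox;

// Constructed in-memory database so the example runs offline.
// In a real deployment this connection would use a least-privilege DB account
// dedicated to sandboxed code, since the sandbox itself grants no DB-level limits.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, role TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Untrusted value that the sandboxed code will receive (constructed).
$untrusted = "bob' OR '1'='1";

// --- Permissive wiring -------------------------------------------------------
// The host exposes a function that runs any SQL string the sandboxed code builds.
// The sandbox allows the call because the function was defined for it; as the
// maintainer notes, it does nothing about the SQL text that flows through.
$permissive = new PHPSandbox();
$permissive->defineFunc('raw_query', function (string $sql) use ($pdo): array {
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
});
$permissive->defineVar('input', $untrusted);

// Sandboxed code concatenates the untrusted value straight into the query.
$permissiveRows = $permissive->execute('<?php
    return raw_query("SELECT name FROM users WHERE name = \'" . $input . "\'");
');

// --- Restricted wiring -------------------------------------------------------
// The host exposes only a parameterised lookup: the SQL is fixed here, and the
// sandboxed code can influence nothing but the bound value.
$restricted = new PHPSandbox();
$restricted->defineFunc('find_user', function (string $name) use ($pdo): array {
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
});
$restricted->defineVar('input', $untrusted);

// Same untrusted value, but it can only ever be compared as a literal name.
$restrictedRows = $restricted->execute('<?php return find_user($input);');

var_dump($permissiveRows, $restrictedRows);
```

With the permissive wiring the injected `OR` clause becomes part of the SQL the host executes, so every user is returned; with the restricted wiring the identical input is bound as a literal and matches no row. The difference lies entirely in what the host chose to expose, which is the practical consequence of the maintainer's remark: whitelist the narrowest host-side function you can rather than a raw query path or the whole `PDO` class, and pair it with a database account that is itself limited to what the sandboxed code legitimately needs.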