Open silverbux opened 8 years ago
There are lots of lists you can find on the internet; unfortunately, just blacklisting functions does not help to guarantee security of your code. This application set was built specifically to allow you to eval code in a 'more secure way'.
You can look at whitelisting functions that you know you use, which would be 'better' than blacklisting, but ideally look to containerize your uploaded code.
Specifically, this application disabled these functions in addition to the 'sandboxing':
'disable_functions' => 'exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,pcntl_fork,pcntl_exec,session_start,phpinfo,ini_set',
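An added example, not from the thread or the project: the whitelisting approach mentioned above as a PHP 8 token check that accepts only literal calls to listed functions and rejects call forms whose target a source-level check cannot resolve. `ALLOWED` and `findViolations` are hypothetical names, and the allowlist contents are an assumption.

```php
<?php
// Added example (hypothetical helper, not the project's code). Requires PHP 8.
// Assumption: ALLOWED is the complete set of built-ins that previewed code may call.
// Keep functions that accept callables (array_map, usort, ...) off this list.
const ALLOWED = ['strlen', 'strtoupper', 'count', 'implode', 'str_repeat'];

/** Returns the reasons $code is rejected; an empty array means it passed. */
function findViolations(string $code): array
{
    $skip    = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $names   = [T_STRING, T_NAME_QUALIFIED, T_NAME_FULLY_QUALIFIED, T_NAME_RELATIVE];
    // Constructs that run or load code, or reach classes, without a plain function name.
    $banned  = [T_EVAL, T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE, T_NEW, T_DOUBLE_COLON];
    // Tokens that, directly before "(", mean the call target is computed at run time.
    $dynamic = [T_VARIABLE, T_CONSTANT_ENCAPSED_STRING, ')', ']', '}'];
    $tokens  = array_values(array_filter(
        token_get_all('<?php ' . $code),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    $id   = fn($t) => is_array($t) ? $t[0] : $t;   // token id, or the literal character
    $name = fn($t) => strtolower(ltrim($t[1], '\\'));

    // Pass 1: functions declared by the submitted code itself are callable.
    $allowed = ALLOWED;
    foreach ($tokens as $i => $t) {
        if ($i > 0 && $id($tokens[$i - 1]) === T_FUNCTION && $id($t) === T_STRING) {
            $allowed[] = $name($t);
        }
    }
    // Pass 2: every call site must name an allowed function literally.
    $found = [];
    foreach ($tokens as $i => $t) {
        $next = $tokens[$i + 1] ?? null;
        if ($t === '`') {
            $found[] = 'backtick operator';
        } elseif (in_array($id($t), $banned, true)) {
            $found[] = 'construct: ' . $t[1];
        } elseif ($next === '(' && in_array($id($t), $names, true)) {
            if (!in_array($name($t), $allowed, true)) {
                $found[] = 'function: ' . $name($t);
            }
        } elseif ($next === '(' && in_array($id($t), $dynamic, true)) {
            $found[] = 'dynamic call';
        }
    }
    return array_values(array_unique($found));
}

// Constructed samples: the first passes, the second is rejected as a dynamic call.
var_dump(findViolations('echo strtoupper(str_repeat("a", 3));'));
var_dump(findViolations('$f = "phpinfo"; $f();'));
```

This is a source-level gate only; it runs alongside the `disable_functions` setting and containerization mentioned above and does not replace them.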
Hi, just wondering if anyone has a list of potentially harmful functions? Basically, the app I'm working on is a cloud editor, so it will mainly be used for code preview.