ircmaxell / PHP-Yacc

A PHP port of kmyacc

PHP Engine #5

Closed chriskapp closed 6 years ago

chriskapp commented 7 years ago

Hi,

First, let me say thanks for this great project! Currently in my project I have the need to execute user-supplied source code to execute specific method calls etc. Since I don't want to use eval, I am currently using a V8 engine to execute user code on the server. But some users would also like to use PHP code, so I am searching for solutions to execute PHP code in some kind of sandbox. I am aware of PHPPHP, which does this but looks quite outdated. Then there is also PHPSandbox, which basically is not an engine since it only removes function calls etc. but then uses eval, so it is also not a safe solution in my opinion.

I am thinking about starting to write such a basic engine based on this project. My goal is not to rebuild the PHP engine but simply to build an engine in PHP which executes a specific subset of PHP code (hopefully fast). Also, the engine must not support the complete functionality of PHP, i.e. classes, traits etc. It would be enough to support i.e. variables, operators, control structures and function/method calls from a specific whitelist of functions and objects. My first naive approach would be to add a method like:

public function execute(Context $context)

to every node and then do the fitting operation in PHP. So I am currently not sure how the performance would be, but what do you think about this idea? And also, are there maybe already other projects which do exactly this?
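
A minimal sketch of the per-node `execute(Context $context)` idea from the comment above, added here as an illustration; it is not code from the original post or from PHP-Yacc. The `Context`, `Node`, `Literal`, `Variable`, `Assign` and `Call` classes are hypothetical, the trees are built by hand rather than parsed, and PHP 8.1+ is assumed.

```php
<?php
declare(strict_types=1);
// Added illustration (PHP 8.1+); every class name here is hypothetical.
final class Context {
    public array $vars = [];
    /** @param array<string, callable> $allowed allow-list: name => implementation */
    public function __construct(private array $allowed) {}
    public function call(string $name, array $args): mixed {
        // Exact-match lookup; the script-supplied name is never used as a PHP callable.
        if (!array_key_exists($name, $this->allowed)) {
            throw new RuntimeException("function not allowed: $name");
        }
        return ($this->allowed[$name])(...$args);
    }
}
interface Node { public function execute(Context $context): mixed; }
final class Literal implements Node {
    public function __construct(private mixed $value) {}
    public function execute(Context $context): mixed { return $this->value; }
}
final class Variable implements Node {
    public function __construct(private string $name) {}
    public function execute(Context $context): mixed {
        // Variables live only in the Context array, never in PHP's own scope.
        return $context->vars[$this->name]
            ?? throw new RuntimeException("undefined or null variable: {$this->name}");
    }
}
final class Assign implements Node {
    public function __construct(private string $name, private Node $expr) {}
    public function execute(Context $context): mixed {
        return $context->vars[$this->name] = $this->expr->execute($context);
    }
}
final class Call implements Node {
    public function __construct(private string $name, private array $args) {}
    public function execute(Context $context): mixed {
        $values = array_map(fn(Node $a): mixed => $a->execute($context), $this->args);
        return $context->call($this->name, $values);
    }
}
// Constructed input: hand-built trees for `$n = strlen("hello");` and `system($n);`
$ctx = new Context(['strlen' => strlen(...)]);
(new Assign('n', new Call('strlen', [new Literal('hello')])))->execute($ctx);
try {
    (new Call('system', [new Variable('n')]))->execute($ctx);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Because the interpreter only dispatches node types it implements and only calls functions found in the allow-list, anything outside that subset fails closed instead of reaching `eval` or a dynamic call.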

chriskapp commented 6 years ago

Just for future readers, I have solved this problem in a different way. Instead of building a parser I have created a small library which filters out untrusted code through the PHPParser and which then uses normal PHP. This is of course also faster than a custom interpreter. So I will close this ticket since there is nothing more to do here.