Member Avatar for Kieran Y5

Hi,

I am currently creating a CMS which will allow PHP code to be used but I need to make sure that certain functions are not used that can ruin the CMS.

Basically, I need a way to stop certain functions (like fopen) to be executed. The only problem I have with using str_replace to replace the text is that it also replaces any only occurrence which is not a function.

Example (replacing fopen to void):

$file = fopen("/index.php", "w");
echo "I used fopen!";

Output (PHP):

$file = void("/index.php", "w");
echo "I used void!";

Is there any way of solving this problem??

  • 4 Contributors
  • 4 Replies
  • 90 Views
  • 16 Hours Discussion Span
  • Latest Post Latest Post by Kieran Y5
Member Avatar for qazplm114477

umm... are you using classes? if so, you can always set functions to private or protected. ex

class a(
     public function foo(){
         //this can be used outside this class/object
     }

     private function bar(){
         //this cannot  
     }
)
Member Avatar for madCoder

Hi,

I am currently creating a CMS which will allow PHP code to be used but I need to make sure that certain functions are not used that can ruin the CMS.

...
Is there any way of solving this problem??

Are you using the eval() function to execute php code?

Member Avatar for Kieran Y5

Are you using the eval() function to execute php code?

Yes, I am using eval() to execute the code.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.