<?php $code = <<<CODE ff\\bunction f() {} CODE; $funcs_internal = get_defined_functions()['internal']; /* lets allow some secure funcs here */ unset ($funcs_internal[array_search('strlen', $funcs_internal)]); unset ($funcs_internal[array_search('print', $funcs_internal)]); unset ($funcs_internal[array_search('strcmp', $funcs_internal)]); unset ($funcs_internal[array_search('strncmp', $funcs_internal)]); $funcs_extra = array ('eval', 'include', 'require', 'function'); $funny_chars = array ('\.', '\+', '-', '\*', '"', '`', '\[', '\]'); $variables = array ('_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_FILES', '_ENV', 'HTTP_ENV_VARS', '_SESSION', 'GLOBALS'); $blacklist = array_merge($funcs_internal, $funcs_extra, $funny_chars, $variables); $insecure = false; foreach ($blacklist as $blacklisted) { if (preg_match ('/' . $blacklisted . '/im', $code)) { $insecure = $blacklisted; break; } } if ($insecure) { var_dump($insecure); } else { eval ($code); }
You have javascript disabled. You will not be able to edit any code.