php - open_basedir allow including "trusted" code -

-

i writing application want allow users write / run / test code on server, preloaded code application. want these users able work in directory , task can done open_basedir();, problem if want include application's code permission denied if require or include inside function or class file not included before open_basedir called.

example : 

<?php  function test() {     require 'test.php'; }  test(); // ok  ini_set('open_basedir', 'users/username/');  test(); // permission denied

is possible somehow allow "trusted" code of application included don't allow user's code access directories? , if possible, give me example or main idea on how can resolve this, if not related open_basedir()

in example, not have permission denied. give me possibility add great features application.

another example : 

spl_autoload_register(function($class) {     require $class . '.php'; });  ini_set('open_basedir', 'folder/');  new test(); // warning: require(): open_basedir restriction in effect.

well, if there no solution, present own.

i sure not best way, works expected.

first of all, users have option write/run custom code have upload server, or write on website (then save), have check code before save, imitates sandbox, abstractization of application. next run code in sandbox (with modified open_basedir limitation) , if code has no fatal errors (and have not modified files in working directory [if modified, these files checked]) saved. after user have option run code in real application.

cons :

  • abstractization of entire application (on every change in application's structure)

pros :

  • allow third party code access files / functions / classes want
  • block features / methods unknown code should not access
  • securely execute unknown code
  • no need check code on every execution
  • no external libraries required

Comments

Post a Comment

Popular posts from this blog

database - VFP Grid + SQL server 2008 - grid not showing correctly -

-
i having problem, have grid called "gridbasica" , this: thisform.gridbase.recordsource = "sgviemp" sgviemp cursor made executing select sqlserver command sqlexec. when want modify registry, go form , the update there. so, when come form grid, grid isnt grid anymore, big white rectangle. reading around said: delete recordsource , asingt again. thisform.gridbase.recordsource = "" *--i sqlexe here thisform.gridbase.recordsource = "sgviemp" i , works, but, when click button modify again cursos updated modify form doesnt load fields did first time. could me out that? thanks in advance. --------------- edit ------------------ i have been doing recommended: lnselect = select(0) n = sqlexec(thisform.conexion,"select emp_ccodigo codigo, emp_cnombre 'nombre o razon social', emp_cnumrif 'r.i.f' sgviempr","sgviemp1") set echo on suspend select sgviemp zap in sgviemp *-- browse *--zaps correct
Read more

jquery - Set jPicker field to empty value -

-
im using jpicker color selector in form. have clear value set window/icon 'no color selected' state. i've tried following: $(':input[name="color"]').val(''); //access value directly. (does not affect jpicker) 2: $.jpicker.list[0].color.active.val('hex', '', this); //set color black , input value 000000, instead of empty string 3: $.jpicker.list[0].color.active.val(null, '', this); //does nothing none of 3 methods seems behave properly. in advance. this works me :) $.jpicker.list[0].color.active.val('v', null); here example: http://jsfiddle.net/3up7n/
Read more

.htaccess - htaccess convert request to clean url and add slash at the end of the url -

-
ok , searched more 4 days , more 20 posts here in stach or in websites without kind of success first here htaccess file rewriteengine on rewriterule ^([a-za-z0-9_]+)/?$ index.php?page=$1 [nc] rewriterule ^([a-za-z0-9_]+)\/([a-za-z0-9_]+)\/?$ index.php?page=$1&action=$2 [nc] i tried many codes 1 worked me can call request , works me www.example.com/pagename => www.example.com/index.php?page=pagename here questions , please provide me information "in detail" understand code well 1- how convert request automatically www.example.com/index.php?page=pagename www.example.com/pagename 2- if tried add slash @ end shows me page without images or styling mean www.example.com/pagename => works www.example.com/pagename/ => doesn't work that's :) for first part need 301 rule this: rewritecond %{the_request} /index\.php\?page=([^\s&]+) [nc] rewriterule ^ /%1? [r=301,l] for second part use absolute path in css, js, images files r
Read more