php - open_basedir allow including "trusted" code -

-

i writing application want allow users write / run / test code on server, preloaded code application. want these users able work in directory , task can done open_basedir();, problem if want include application's code permission denied if require or include inside function or class file not included before open_basedir called.

example : 

<?php  function test() {     require 'test.php'; }  test(); // ok  ini_set('open_basedir', 'users/username/');  test(); // permission denied

is possible somehow allow "trusted" code of application included don't allow user's code access directories? , if possible, give me example or main idea on how can resolve this, if not related open_basedir()

in example, not have permission denied. give me possibility add great features application.

another example : 

spl_autoload_register(function($class) {     require $class . '.php'; });  ini_set('open_basedir', 'folder/');  new test(); // warning: require(): open_basedir restriction in effect.

well, if there no solution, present own.

i sure not best way, works expected.

first of all, users have option write/run custom code have upload server, or write on website (then save), have check code before save, imitates sandbox, abstractization of application. next run code in sandbox (with modified open_basedir limitation) , if code has no fatal errors (and have not modified files in working directory [if modified, these files checked]) saved. after user have option run code in real application.

cons :

  • abstractization of entire application (on every change in application's structure)

pros :

  • allow third party code access files / functions / classes want
  • block features / methods unknown code should not access
  • securely execute unknown code
  • no need check code on every execution
  • no external libraries required

Comments

Post a Comment

Popular posts from this blog

.htaccess - htaccess convert request to clean url and add slash at the end of the url -

-
ok , searched more 4 days , more 20 posts here in stach or in websites without kind of success first here htaccess file rewriteengine on rewriterule ^([a-za-z0-9_]+)/?$ index.php?page=$1 [nc] rewriterule ^([a-za-z0-9_]+)\/([a-za-z0-9_]+)\/?$ index.php?page=$1&action=$2 [nc] i tried many codes 1 worked me can call request , works me www.example.com/pagename => www.example.com/index.php?page=pagename here questions , please provide me information "in detail" understand code well 1- how convert request automatically www.example.com/index.php?page=pagename www.example.com/pagename 2- if tried add slash @ end shows me page without images or styling mean www.example.com/pagename => works www.example.com/pagename/ => doesn't work that's :) for first part need 301 rule this: rewritecond %{the_request} /index\.php\?page=([^\s&]+) [nc] rewriterule ^ /%1? [r=301,l] for second part use absolute path in css, js, images files r
Read more

C# random value from dictionary and tuple -

-
i have following code, , need random item contains string "region_1" dictionary. public static dictionary<int, tuple<string, int, currencytype>> itemarray = new dictionary<int, tuple<string, int, currencytype>>() { { 0xb3e, new tuple<string, int, currencytype>("region_1", 1500, currencytype.fame) } }; public static int generateitemid(string shopid) { var generateditem = itemarray.elementat(new random().next(0, itemarray.count)).key; } how select this? it's not possible efficiently... first create static random @ class level... prevent non-random behaviour if run query on short period of time... (it's seeded discrete clock) static random rnd = new random(); then: var item = itemarray.values .where(t => t.item1 == shopid) .orderby(_ => rnd.next()) .firstordefault()
Read more

algorithm - Testing tetrahedron-triangle intersection -

-
i want determine whether given triangle intersects tetrahedron. not want compute solution polygon(if exists) itself. there library/package/published practical algorithm can used solve problem directly (unlike attempt below)? i think last resort have use standard polygon-polygon intersection algorithm implementations solve problem indirectly . my attempt on problem: thought of breaking problem of polygon-polygon intersection. each triangular face(say t1 ) of tetrahedron , given triangle t2 , thought of doing following: compute intersection(a line) between planes corresponding each triangle, l1 . for each triangle: for each edge of triangle l2 , compute point of intersection p between l1 , l2 . test(maybe using parametric form) of l2 , if point lies on edge l2 . if both triangles t1 , t2 , there exists at least one edge on intersection point p lies, implies triangles(and hence given tetrahedron , triangle t2 ) do intersect. create orthonormal fr
Read more