PHP Classes
elePHPant
Icontem

File: example.php

Recommend this page to a friend!
  Classes of Paul Fryer  >  PHP Sandbox  >  example.php  >  Download  
File: example.php
Role: Example script
Content type: text/plain
Description: Example usage files
Class: PHP Sandbox
Execute external PHP scripts in a separate process
Author: By
Last change: Demos new features
Date: 8 years ago
Size: 4,617 bytes
 

 

Contents

Class file image Download
<?php

/**
 * PHP Sandbox
 *
 * A PHP sandboxing class to help increase security of unknown scripts
 * This is not the be all and end all of security!
 *
 * Requirements: PHP5
 * Copyright (c) 2011 Paul Fryer (www.fryer.org.uk)
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the The GNU Lesser General Public License as published by
 * the Free Software Foundation; version 3 or any latter version of the license.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * The GNU Lesser General Public License (LGPLv3) for more details.
 *
 *
 * @package PHPSandbox
 * @author Paul Fryer <paul@fryer.org.uk>
 * @license http://www.opensource.org/licenses/lgpl-3.0.html LGPL
 *
 */

require_once 'phpsandbox.php';

ini_set('display_warnings', 'on');

//Default sandbox
$sandbox = new PHPSandbox();

//Modified sandbox to allow testing of session data
$sandbox2 = new PHPSandbox(array('pass_session_data' => true));

//Modified sandbox to allow full access of session data
$sandbox3 = new PHPSandbox(array('pass_session_data' => true,
                               
'pass_session_id' => true,
                               
'display_errors' => 'on',
                               
'pass_post' => true,
                               
'pass_get' => true,
));

//We really do trust this script
$sandbox3->enableAllFunction(true);

$dir = dirname(__FILE__).DIRECTORY_SEPARATOR;

//For example purposes
session_start();
if(!isset(
$_SESSION['TestValue'])){
   
$_SESSION['TestValue'] = 'Yay :-) '.time();
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>PHPSandbox Examples</title>
    </head>
    <body>
        <h1>PHPSandbox</h1><h2>Run some PHP files with in an external PHP file in a 'safer' mannor</h2>
       
        <div>
            <div><h3>Output Session Data</h3><p>Show the start Session data</p></div>
            <div style="border:1px; padding:5px;"><?php echo 'Genuine Session ID: '.session_id().'<br/>'; foreach ($_SESSION as $key => $value){ echo '<p>'.$key.' = '.$value.'</p>'; }; ?></div>
        </div>
       
        <div>
            <div><h3>Example 1 - Valid Code</h3><p>Just run some considered safe code</p></div>
            <div style="border:1px; padding:15px; margin:15px; background:cornsilk;"><?php echo($sandbox->runFile($dir.'samples/valid.php')); ?></div>
        </div>

        <div>
            <div><h3>Example 2 - Invalid PHP</h3><p>Try to include a file that is badly formated</p></div>
            <div style="border:1px; padding:15px; margin:15px; background:cornsilk;"><?php echo($sandbox->runFile($dir.'samples/invalid.php')); ?></div>
        </div>
       
        <div>
            <div><h3>Example 3 - Malicious PHP</h3><p>Try to run some code that would do something considered dodgy</p></div>
            <div style="border:1px; padding:15px; margin:15px; background:cornsilk;"><?php echo($sandbox->runFile($dir.'samples/malicious.php')); ?></div>
        </div>

        <div>
            <div><h3>Example 4 - Recon PHP</h3><p>Run some PHP specifically for gathering information about the system (With a copy of the session information and a faked ID)</p></div>
            <div style="border:1px; padding:15px; margin:15px; background:cornsilk;"><?php echo($sandbox2->runFile($dir.'samples/recon.php')); ?></div>
        </div>

        <div>
            <div><h3>Example 5 - Trusted PHP</h3><p>Run some trusted PHP with Session Access and Update rights (Direct Session access)</p></div>
            <div style="border:1px; padding:15px; margin:15px; background:cornsilk;"><?php echo($sandbox3->runFile($dir.'samples/trusted.php')); ?></div>
        </div>

        <div>
            <div><h3>Example 6 - Slow PHP</h3><p>Include a PHP file that would run for longer than the allowed limit</p></div>
            <div style="border:1px; padding:5px; background:cornsilk;"><?php echo($sandbox3->runFile($dir.'samples/slow.php')); ?></div>
        </div>
       
        <div>
            <div><h3>Example 7 - Running PHP from a string input</h3><p>Run the trusted PHP code but with protection and as if it's been streamed in to the command</p></div>
            <div style="border:1px; padding:5px; background:cornsilk;"><?php echo($sandbox3->runCode(file_get_contents($dir.'samples/trusted.php'))); ?></div>
        </div>

        <div>
            <div><h3>Output Session Data</h3><p>Show the now Session data</p></div>
            <div style="border:1px; padding:5px;"><?php foreach ($_SESSION as $key => $value){ echo '<p>'.$key.' = '.$value.'</p>'; }; ?></div>
        </div>

    </body>
</html>