PHP Classes

File: example.php

Recommend this page to a friend!
  Classes of Paul Fryer   PHP Sandbox   example.php   Download  
File: example.php
Role: Example script
Content type: text/plain
Description: Example usage files
Class: PHP Sandbox
Execute external PHP scripts in a separate process
Author: By
Last change: Demos new features
Date: 11 years ago
Size: 4,617 bytes


Class file image Download

 * PHP Sandbox
 * A PHP sandboxing class to help increase security of unknown scripts
 * This is not the be all and end all of security!
 * Requirements: PHP5
 * Copyright (c) 2011 Paul Fryer (
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the The GNU Lesser General Public License as published by
 * the Free Software Foundation; version 3 or any latter version of the license.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * The GNU Lesser General Public License (LGPLv3) for more details.
 * @package PHPSandbox
 * @author Paul Fryer <>
 * @license LGPL

require_once 'phpsandbox.php';

ini_set('display_warnings', 'on');

//Default sandbox
$sandbox = new PHPSandbox();

//Modified sandbox to allow testing of session data
$sandbox2 = new PHPSandbox(array('pass_session_data' => true));

//Modified sandbox to allow full access of session data
$sandbox3 = new PHPSandbox(array('pass_session_data' => true,
'pass_session_id' => true,
'display_errors' => 'on',
'pass_post' => true,
'pass_get' => true,

//We really do trust this script

$dir = dirname(__FILE__).DIRECTORY_SEPARATOR;

//For example purposes
$_SESSION['TestValue'] = 'Yay :-) '.time();

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "">
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>PHPSandbox Examples</title>
        <h1>PHPSandbox</h1><h2>Run some PHP files with in an external PHP file in a 'safer' mannor</h2>
            <div><h3>Output Session Data</h3><p>Show the start Session data</p></div>
            <div style="border:1px; padding:5px;"><?php echo 'Genuine Session ID: '.session_id().'<br/>'; foreach ($_SESSION as $key => $value){ echo '<p>'.$key.' = '.$value.'</p>'; }; ?></div>
            <div><h3>Example 1 - Valid Code</h3><p>Just run some considered safe code</p></div>
            <div style="border:1px; padding:15px; margin:15px; background:cornsilk;"><?php echo($sandbox->runFile($dir.'samples/valid.php')); ?></div>

            <div><h3>Example 2 - Invalid PHP</h3><p>Try to include a file that is badly formated</p></div>
            <div style="border:1px; padding:15px; margin:15px; background:cornsilk;"><?php echo($sandbox->runFile($dir.'samples/invalid.php')); ?></div>
            <div><h3>Example 3 - Malicious PHP</h3><p>Try to run some code that would do something considered dodgy</p></div>
            <div style="border:1px; padding:15px; margin:15px; background:cornsilk;"><?php echo($sandbox->runFile($dir.'samples/malicious.php')); ?></div>

            <div><h3>Example 4 - Recon PHP</h3><p>Run some PHP specifically for gathering information about the system (With a copy of the session information and a faked ID)</p></div>
            <div style="border:1px; padding:15px; margin:15px; background:cornsilk;"><?php echo($sandbox2->runFile($dir.'samples/recon.php')); ?></div>

            <div><h3>Example 5 - Trusted PHP</h3><p>Run some trusted PHP with Session Access and Update rights (Direct Session access)</p></div>
            <div style="border:1px; padding:15px; margin:15px; background:cornsilk;"><?php echo($sandbox3->runFile($dir.'samples/trusted.php')); ?></div>

            <div><h3>Example 6 - Slow PHP</h3><p>Include a PHP file that would run for longer than the allowed limit</p></div>
            <div style="border:1px; padding:5px; background:cornsilk;"><?php echo($sandbox3->runFile($dir.'samples/slow.php')); ?></div>
            <div><h3>Example 7 - Running PHP from a string input</h3><p>Run the trusted PHP code but with protection and as if it's been streamed in to the command</p></div>
            <div style="border:1px; padding:5px; background:cornsilk;"><?php echo($sandbox3->runCode(file_get_contents($dir.'samples/trusted.php'))); ?></div>

            <div><h3>Output Session Data</h3><p>Show the now Session data</p></div>
            <div style="border:1px; padding:5px;"><?php foreach ($_SESSION as $key => $value){ echo '<p>'.$key.' = '.$value.'</p>'; }; ?></div>