I am currently creating a CMS which will allow PHP code to be used but I need to make sure that certain functions are not used that can ruin the CMS.
Basically, I need a way to stop certain functions (like fopen) to be executed. The only problem I have with using str_replace to replace the text is that it also replaces any only occurrence which is not a function.
Example (replacing fopen to void):
$file = fopen("/index.php", "w"); echo "I used fopen!";
$file = void("/index.php", "w"); echo "I used void!";
Is there any way of solving this problem??