Hi,

I am currently creating a CMS which will allow PHP code to be used but I need to make sure that certain functions are not used that can ruin the CMS.

Basically, I need a way to stop certain functions (like fopen) to be executed. The only problem I have with using str_replace to replace the text is that it also replaces any only occurrence which is not a function.

Example (replacing fopen to void):

$file = fopen("/index.php", "w");
echo "I used fopen!";

Output (PHP):

$file = void("/index.php", "w");
echo "I used void!";

Is there any way of solving this problem??

umm... are you using classes? if so, you can always set functions to private or protected. ex

class a(
     public function foo(){
         //this can be used outside this class/object
     }

     private function bar(){
         //this cannot  
     }
)

Hi,

I am currently creating a CMS which will allow PHP code to be used but I need to make sure that certain functions are not used that can ruin the CMS.

...
Is there any way of solving this problem??

Are you using the eval() function to execute php code?

Are you using the eval() function to execute php code?

Yes, I am using eval() to execute the code.