I have created an online PHP code executor at http://web.guru99.com
Though I have checked all security aspects … do you experts see any major flaw that I need to care of?

Recommended Answers

No matter what I enter, I get: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING so I'd say it's secure enough... ;)

Jump to Post

RecursiveDirectoryIterator and include / include_once / require / require_once should be blocked too.

Jump to Post

All 7 Replies

No matter what I enter, I get: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING so I'd say it's secure enough... ;)

You should disable system() and similar functions. At the moment I can list root of the server. Also consider to run this into a jail root.

Ok, I see now it's fixed, disable also dir() function: http://www.php.net/manual/en/function.dir.php
Same goes for include, require, error_log (this gives the ability to send emails).

RecursiveDirectoryIterator and include / include_once / require / require_once should be blocked too.

Sorry for the update, but finally I remembered the name of the library, consider to move the app to runkit:

You can create a sandbox and so you can limit most of the problems.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.20 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.