GithubHelp home page GithubHelp logo

lord2800 / noeval Goto Github PK

View Code? Open in Web Editor NEW
1.0 2.0 0.0 7 KB

A PHP extension to disable the eval language construct

License: BSD 2-Clause "Simplified" License

M4 25.98% JavaScript 3.78% C 56.57% Ruby 13.67%

noeval's Introduction

PHP Extension to disable eval

Disables the eval language construct, since it can't be disabled via the disabled_functions INI setting. I got tired of waiting for suhosin to be ready for PHP 7.0, especially with 7.1 around the corner, so I decided that since all I really need from it is to disable eval, I wrote an extension to do just that.

Build instructions

  1. git clone https://github.com/lord2800/noeval
  2. cd noeval
  3. phpize
  4. ./configure
  5. make
  6. make install

Works for PHP 5.6 and PHP 7, possibly more versions but I haven't explicitly tested it.

noeval's People

Contributors

lord2800 avatar

Stargazers

avatar

Watchers

avatar avatar

noeval's Issues

Installs, phpinfo shows it disabling eval... doesn't disable eval

There may be a detail I'm missing here, but here's my experience. I followed the instructions, built the module, loaded the module into php.ini, then ran php on the following script:

echo("Test\n");
eval('echo("Eval Test");');

The expected result would be for the eval function to fail. Instead it runs just fine.

php -i shows:

noeval
eval => disabled

Now, technically that's php71 -i since I'm using the remi repo for php 7.1 on CentOS 7. No idea if that makes a difference, or how if so.
Also, when I run phpinfo() through apache, the noeval section shows that eval is disabled, but again whether via command line or via apache, the eval code still runs.

Packaging

I don't know the first clue about how to package PHP extensions for any OS. ๐Ÿ˜ž

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.