Showing results for tags 'eval'.

Found 2 results

  1. How can I save a little PHP code to $Tom, and then evaluate $Tom and save that to a variable, as attempted below?

         $Tom = "echo 'blah'"
         eval($Tom);

     When I try and use eval here, I get the following error:

         Parse error: syntax error, unexpected $end, expecting ',' or ';'

     Worse still, I want to save the result of eval to an array element. As for saving the value to an array, I tried

         $bob = eval($Tom);

     and

         array_push($myarray, $varone, "'".eval($Tom)."'")

     Didn't work. I am very frustrated with eval. How can I do what I am trying to do? That is, save the result of eval to an array element? I did a search on eval, and got a lot of suggestions and saw lots of requests for a replacement function, but the suggestions were what I have seen before, and did not know how to apply, and the requests for a replacement function went unanswered. Thanks. You guys are great.
  2. I am currently creating an e-learning application for my honours project (this will not go live or be distributed for profit) that teaches PHP to brand new users; however, there will obviously be experienced users using the application as well and they will try to attack it or bring it down. My code to process the user input for malicious code strings before it is run thru an eval() is below. If any of the banned words are found it returns false and the user input never gets near an eval() function. If no banned words are found then it returns true and the input (PHP code) is run thru an eval() and the results checked to see if the user input had the desired effect (e.g. change the value of a local variable inside a function). Any major security issues that anyone can see or advice on making my application more secure is greatly appreciated. P.S. Any feedback used in the application will be 100% referenced to avoid accusations of plagiarism.

         function checkPHP($input){
             // array of denied words.
             $deniedWords = array(
                 //PHP tags
                 '<?', '?>', '?', 'PHP', 'script',
                 //Session Variables
                 '$_SESSION', '$_GET', '$_POST', '$_GLOBALS', '$HTTP_POST_VARS',
                 'GLOBAL', 'SESSION', 'SERVER', 'GET', 'POST', 'COOKIE', 'REQUEST', 'FILE',
                 //Escape chars on session variables
                 '$_', "'_'", "'\$'", "'\_'", '\$', '\_', "$'", "'$", "_'", "'_", '\\', '/', '_',
                 //Commands that parse code as PHP
                 'INCLUDE', 'REQUIRE', 'EVAL',
                 //Shell commands
                 'SYSTEM', 'EXEC', '`', 'SHELL', 'passthru', 'popen', 'DROP',
                 //PHP core functions
                 'magic_quotes', 'base64_decode', 'scandir', 'file_', 'unlink',
                 'get_defined_functions', 'get_defined_vars', 'get_defined_constants',
                 'get_loaded_extensions', 'assert_options', 'assert', 'dl', 'extension_loaded',
                 'gc_collect_cycles', 'gc_disable', 'gc_enable', 'gc_enabled', 'get_cfg_var',
                 'get_current_user', 'get_defined_constants', 'get_extension_funcs',
                 'get_include_path', 'get_included_files', 'get_loaded_extensions',
                 'get_magic_quotes_gpc', 'get_magic_quotes_runtime',
                 'get_required_files', 'getenv', 'getlastmod', 'getmygid', 'getmyinode',
                 'getmypid', 'getmyuid', 'getopt', 'getrusage', 'ini_alter', 'ini_get_all',
                 'ini_get', 'ini_restore', 'ini_set', 'magic_quotes_runtime', 'main',
                 'memory_get_peak_usage', 'memory_get_usage', 'php_ini_loaded_file',
                 'php_ini_scanned_files', 'php_logo_guid', 'php_sapi_name', 'php_uname',
                 'phpcredits', 'phpinfo', 'phpversion', 'putenv', 'restore_include_path',
                 'set_magic_quotes_runtime', 'set_time_limit', 'sys_get_temp_dir',
                 'version_compare', 'zend_logo_guid', 'zend_thread_id', 'zend_version',
                 'REFLECTION', 'apc_', 'apd_', 'error', 'debug_', 'restore_', 'trigger_',
                 'override_', 'rename_', 'inclued', 'flush', 'ob_', 'output_', 'overload',
                 'runkit_', 'wincache_', 'xhprof_', 'rewrite', 'file_exists', 'fopen',
                 'fwrite', 'fclose', 'ctype_alnum', 'realpath', 'is_file', 'chdir', 'mail',
                 'preg'
             );
             $found = "";
             for($i=0;$i<count($deniedWords);$i++){
                 $badWordFound = stristr($input, $deniedWords[$i]);
                 if($badWordFound){
                     $found = $found."Do not use <span class=bold>".$deniedWords[$i]."</span> in you script. <br />";
                 }
             }
             if($found){
                 echo "For security reasons, some keywords and characters have been banned for use within user input. Currently your code contains banned words and will NOT be executed until these are removed: <br />" . $found;
                 return false;
             }else{
                 return true;
             }
         }