Skip to content

Instantly share code, notes, and snippets.

@rafasashi

rafasashi/How to review and run an external php script safely.markdown

Last active August 29, 2015 14:23
Show Gist options
  • Save rafasashi/7af69e03c73f4acdc9f6 to your computer and use it in GitHub Desktop.
Save rafasashi/7af69e03c73f4acdc9f6 to your computer and use it in GitHub Desktop.
Download ZIP
How to review and run an external php script safely?
Raw
How to review and run an external php script safely.markdown
  1. fetch the original script but never change it directly
  2. parse the php script using token_get_all() and token_name()
  3. replace every sensitive functions by a wrape_function_name to control the behavore
  4. rebuild the script and store the mirror script somewhere
  5. use getcwd() to store the current directory and chdir() to reset it to the original location so the static resources will be dowloaded from the origine
  6. execute the mirror script
  7. use chdir() to restore the previous directory location
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment