Skip to content

Commit 599195e

Browse files
mrjoelkempmrjoelkemp
committed
Use an env var to toggle sandboxing
1 parent 9787e27 commit 599195e

2 files changed

Lines changed: 7 additions & 7 deletions

File tree

README.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,6 @@ You can then point your web server to serve files from the `phpepl/` root folder
3333
* Namely, you should be able to visit the index page (`phpepl/index.html`) from `http://localhost` (include a custom port if necessary)
3434
* Ex: `http://localhost:8000/index.html` or simply `http://localhost:8000`, assuming your server is configured to listen to port 8000.
3535

36-
**You then need to disable sandboxing** by toggling the `$sandbox_me` var in `src/eval/index.php` to disable the sandbox locally.
3736
You'll then have free reign to execute any commands.
3837

3938
#### Vagrant
@@ -64,8 +63,9 @@ If you'd like to tinker around with the code, you can do the following:
6463
`src/phpepl.js` is the main script for the website. This gets built into `dist/phpepl.js`
6564
which is referenced by `phpepl/index.html`.
6665

67-
The php evaluation code is in `src/eval/index.php`. That endpoint is sandboxed by default,
68-
so toggle the `$sandbox_me` var in `src/eval/index.php` to disable the sandbox locally.
66+
The php evaluation code is in `src/eval/index.php`. That endpoint checks for the existence of a
67+
`PHPEPL_PROD` environment variable (which is set on the production hosts) for sandboxing. Locally, you won't
68+
have that set, so you'll have the unsandboxed version by default.
6969

7070
* With grunt running, that change should rebuild the app and you can just refresh the page.
7171

src/eval/index.php

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
<?php
2-
// set me to false to turn off sandboxing
3-
$sandbox_me = true;
4-
2+
// Only production environments will have this set – turning on sandboxing
3+
// DEP_VERSION is for cloud control
4+
$sandbox_me = isset($_ENV['PHPEPL_PROD']) || isset($_ENV['DEP_VERSION']);
55
require_once('../../vendor/autoload.php');
66

77
// Turn off errors since eval will throw them on invalid syntax
@@ -85,7 +85,7 @@ function php_execute_sandboxed($code) {
8585
foreach($pattern as $_pattern){
8686
if(strtolower(substr($_pattern, -1)) == 'e'){
8787
throw new Exception("Can not use PREG_REPLACE_EVAL!");
88-
}
88+
}
8989
}
9090
} else if(strtolower(substr($pattern, -1)) == 'e'){
9191
throw new Exception("Can not use PREG_REPLACE_EVAL!");

0 commit comments

Comments
 (0)