(PECL runkit >= 0.7.0)
Runkit_Sandbox_Parent — Runkit Anti-Sandbox Class
Instantiating the Runkit_Sandbox_Parent class from within a sandbox environment created from the Runkit_Sandbox class provides some (controlled) means for a sandbox child to access its parent.
Nota: Suporte ao sandbox (requerido por runkit_lint(), runkit_lint_file() e a classe Runkit_Sandbox) somente está disponível a partir do PHP 5.1.0 ou versões especificamente alteradas do PHP 5.0, requerendo também thread safety ativo. Veja o README incluído no pacote do runkit para mais informações.
In order for any of the Runkit_Sandbox_Parent
features to function. Support must be enabled on a per-sandbox basis
by enabling the parent_access
flag from the parent's
context.
Exemplo #1 Working with variables in a sandbox
<?php
$sandbox = new Runkit_Sandbox();
$sandbox['parent_access'] = true;
?>
Just as with sandbox variable access, a sandbox parent's
variables may be read from and written to as properties of
the Runkit_Sandbox_Parent class.
Read access to parental variables may be enabled with
the parent_read
setting (in addition
to the base parent_access
setting).
Write access, in turn, is enabled through the
parent_write
setting.
Unlike sandbox child variable access, the variable scope
is not limited to globals only. By setting the
parent_scope
setting to an appropriate
integer value, other scopes in the active call stack may
be inspected instead. A value of 0 (Default) will direct
variable access at the global scope. 1 will point variable
access at whatever variable scope was active at the time the
current block of sandbox code was executed. Higher values
progress back through the functions that called the functions
that led to the sandbox executing code that tried to access
its own parent's variables.
Exemplo #2 Accessing parental variables
<?php
$php = new Runkit_Sandbox();
$php['parent_access'] = true;
$php['parent_read'] = true;
$test = "Global";
$php->eval('$PARENT = new Runkit_Sandbox_Parent;');
$php['parent_scope'] = 0;
one();
$php['parent_scope'] = 1;
one();
$php['parent_scope'] = 2;
one();
$php['parent_scope'] = 3;
one();
$php['parent_scope'] = 4;
one();
$php['parent_scope'] = 5;
one();
function one() {
$test = "one()";
two();
}
function two() {
$test = "two()";
three();
}
function three() {
$test = "three()";
$GLOBALS['php']->eval('var_dump($PARENT->test);');
}
?>
O exemplo acima irá imprimir:
string(6) "Global" string(7) "three()" string(5) "two()" string(5) "one()" string(6) "Global" string(6) "Global"
Just as with sandbox access, a sandbox may access its parents
functions providing that the proper settings have been enabled.
Enabling parent_call
will allow the sandbox
to call all functions available to the parent scope. Language
constructs are each controlled by their own setting:
print and echo are
enabled with parent_echo
.
die() and exit() are
enabled with parent_die
.
eval() is enabled with parent_eval
while include, include_once,
require, and require_once
are enabled through parent_include
.