php-sandbox/index.php

<?php

/**
 * PHP Sandbox: https://github.com/MightyPork/php-sandbox
 */
 
ini_set('log_errors', false);
ini_set('display_errors', true);
ini_set('display_startup_errors', true);
ini_set('display_not_found_reason', true);
ini_set('display_exceptions', true);
ini_set('html_errors', false);

error_reporting(E_ALL | E_STRICT);

// --- Handle config ---

$defaults = array(
    // how many spaces to use for indention, 0 will make it use real tabs
    'tabsize' => 4,

    // whitelist of IPs
    // use '*' to allow any IP
    'ip_whitelist' => array('127.0.0.1', '::1'),

    // bootstrap file, if defined this file will be included before
    // the code entered by the user is evaluated. any variables and classes
    // defined here will be accessible by the eval'd code
    'bootstrap' => null,
);

if (file_exists(__DIR__.'/config.php')) {
    $options = include __DIR__.'/config.php';
    $options = array_merge($defaults, $options);
} else {
    $options = $defaults;
}


// --- IP Whitelist ---

if (!in_array('*', $options['ip_whitelist'], true) &&
    !in_array($_SERVER['REMOTE_ADDR'], $options['ip_whitelist'], true)
) {
	header("HTTP/1.0 401 Unauthorized");
    die('Access Denied');
}


$debugOutput = '';

if (isset($_POST['code'])) {
	ini_set('html_errors', false);

    $code = $_POST['code'];

    // --- Evaluate the code ---

    ob_start();
    $memBefore = memory_get_usage(true);
    $start = microtime(true);

    // Remove the < ?php mark
    // TODO remove also ? > if present
    $code = preg_replace('{^\s*<\?(php)?\s*}i', '', $code);

    /** Run code with bootstrap in separate scope */
    function runCode($__source_code, $__bootstrap_file)	{
	    if ($__bootstrap_file) {
	        require $__bootstrap_file;
	    }
	    eval($__source_code);
	}

    runCode($code, $options['bootstrap']);

    $end = microtime(true);
    $memAfter = memory_get_peak_usage(true);
    $debugOutput .= ob_get_clean();

    // ---------------------------

    if (isset($_GET['js'])) {

    	// --- Send response with metadata in headers ---
        header('Content-Type: text/plain');

        $memory = sprintf('%.3f', ($memAfter - $memBefore) / 1024.0 / 1024.0); // in MB
        $rendertime = sprintf('%.3f', (($end - $start) * 1000)); // in ms

        header('X-Memory-Usage: '. $memory);
        header('X-Rendertime: '. $rendertime);

        echo $debugOutput;

        die('#end-php-console-output#');
    }
}

?>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />

        <title>PHP Sandbox</title>

        <link rel="stylesheet" type="text/css" href="styles.css" />
        <script src="jquery-1.9.1.min.js"></script>
        <script src="ace/ace.js"></script>
        <script src="ace/theme-monokai.js"></script>
        <script src="ace/mode-php.js"></script>
        <script src="ace/ext-language_tools.js"></script>
        <script src="php-console.js"></script>

        <script>
            $.console({
                tabsize: <?= json_encode($options['tabsize']) ?>
            });
        </script>
    </head>
    <body>
        <div class="console-wrapper">
            <div class="input-wrapper">
                <form method="POST" action="" id="mainform">
                    <div class="input">
                        <textarea class="editor" id="editor" name="code"><?=
                        	(isset($_POST['code']) ? htmlentities($_POST['code'], ENT_QUOTES, 'UTF-8') : "&lt;?php\n\n")
                        ?></textarea>
                    </div>
                        <div class="statusbar">
                            <span class="position">Line: 1, Column: 1</span>
                            <span class="runtime-info"></span>
                			<input type="submit" name="subm" value="Run!"/>
                        </div>
                </form>
            </div>
            <div class="output-wrapper">
                <div class="output"><?= htmlentities($debugOutput) ?></div>
            </div>
        </div>
    </body>
</html>
Initial import 14 years ago			`<?php`
now shows fatal error message (if possible) 9 years ago
			`/**`
			`* PHP Sandbox: https://github.com/MightyPork/php-sandbox`
			`*/`

			`ini_set('log_errors', false);`
			`ini_set('display_errors', true);`
			`ini_set('display_startup_errors', true);`
			`ini_set('display_not_found_reason', true);`
			`ini_set('display_exceptions', true);`
			`ini_set('html_errors', false);`

Removed bullshit 9 years ago			`error_reporting(E_ALL \| E_STRICT);`

			`// --- Handle config ---`
Initial import 14 years ago
Allow configuring options, closes #30 11 years ago			`$defaults = array(`
			`// how many spaces to use for indention, 0 will make it use real tabs`
changed tabsize: 3 -> 4 13 years ago			`'tabsize' => 4,`
Allow configuring options, closes #30 11 years ago
Removed bullshit 9 years ago			`// whitelist of IPs`
Allow configuring options, closes #30 11 years ago			`// use '*' to allow any IP`
moved ip whitelist to options 11 years ago			`'ip_whitelist' => array('127.0.0.1', '::1'),`
Add bootstrap file support, fixes #32 11 years ago
			`// bootstrap file, if defined this file will be included before`
			`// the code entered by the user is evaluated. any variables and classes`
			`// defined here will be accessible by the eval'd code`
			`'bootstrap' => null,`
Made tab character(s) configurable (see index.php) 14 years ago			`);`

Allow configuring options, closes #30 11 years ago			`if (file_exists(__DIR__.'/config.php')) {`
			`$options = include __DIR__.'/config.php';`
			`$options = array_merge($defaults, $options);`
			`} else {`
			`$options = $defaults;`
			`}`

Removed bullshit 9 years ago
			`// --- IP Whitelist ---`

Allow configuring options, closes #30 11 years ago			`if (!in_array('*', $options['ip_whitelist'], true) &&`
			`!in_array($_SERVER['REMOTE_ADDR'], $options['ip_whitelist'], true)`
			`) {`
Removed bullshit 9 years ago			`header("HTTP/1.0 401 Unauthorized");`
			`die('Access Denied');`
Initial import 14 years ago			`}`



			`$debugOutput = '';`

			`if (isset($_POST['code'])) {`
Removed krumo, updated ace + patch to support traits, changed L&F to monokai/sublime, output changed to plain text, removed clippy 9 years ago			`ini_set('html_errors', false);`

initial sensiolabs/melody integration 10 years ago			`$code = $_POST['code'];`
Set default <?php in the text area to restore syntax highlighting, fixes #10 12 years ago
Removed bullshit 9 years ago			`// --- Evaluate the code ---`
Initial import 14 years ago
			`ob_start();`
added server-side runtime information (memory, rendertime) into the consoles statusbar 11 years ago			`$memBefore = memory_get_usage(true);`
Minor tweak 11 years ago			`$start = microtime(true);`

Removed bullshit 9 years ago			`// Remove the < ?php mark`
			`// TODO remove also ? > if present`
			`$code = preg_replace('{^\s<\?(php)?\s}i', '', $code);`

			`/** Run code with bootstrap in separate scope */`
			`function runCode($__source_code, $__bootstrap_file) {`
			`if ($__bootstrap_file) {`
			`require $__bootstrap_file;`
			`}`
			`eval($__source_code);`
			`}`

			`runCode($code, $options['bootstrap']);`
Minor tweak 11 years ago
added server-side runtime information (memory, rendertime) into the consoles statusbar 11 years ago			`$end = microtime(true);`
Minor tweak 11 years ago			`$memAfter = memory_get_peak_usage(true);`
added server-side runtime information (memory, rendertime) into the consoles statusbar 11 years ago			`$debugOutput .= ob_get_clean();`
Minor tweak 11 years ago
Removed bullshit 9 years ago			`// ---------------------------`

Script execution is now done via an async js request, preventing die() and exception to mess up the entire console 14 years ago			`if (isset($_GET['js'])) {`
Removed bullshit 9 years ago
			`// --- Send response with metadata in headers ---`
Script execution is now done via an async js request, preventing die() and exception to mess up the entire console 14 years ago			`header('Content-Type: text/plain');`
Minor tweak 11 years ago
added server-side runtime information (memory, rendertime) into the consoles statusbar 11 years ago			`$memory = sprintf('%.3f', ($memAfter - $memBefore) / 1024.0 / 1024.0); // in MB`
			`$rendertime = sprintf('%.3f', (($end - $start) * 1000)); // in ms`
Minor tweak 11 years ago
added server-side runtime information (memory, rendertime) into the consoles statusbar 11 years ago			`header('X-Memory-Usage: '. $memory);`
			`header('X-Rendertime: '. $rendertime);`
Minor tweak 11 years ago
Script execution is now done via an async js request, preventing die() and exception to mess up the entire console 14 years ago			`echo $debugOutput;`
Removed bullshit 9 years ago
Script execution is now done via an async js request, preventing die() and exception to mess up the entire console 14 years ago			`die('#end-php-console-output#');`
			`}`
Initial import 14 years ago			`}`

			`?>`
			`<!DOCTYPE html>`
			`<html>`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>`
Ensure IE uses standards mode even with poor intranet settings 13 years ago			`<meta http-equiv="X-UA-Compatible" content="IE=edge" />`
Removed krumo, updated ace + patch to support traits, changed L&F to monokai/sublime, output changed to plain text, removed clippy 9 years ago
			`<title>PHP Sandbox</title>`

Initial import 14 years ago			`<link rel="stylesheet" type="text/css" href="styles.css" />`
Update jQuery to 1.9.1 12 years ago			`<script src="jquery-1.9.1.min.js"></script>`
Removed krumo, updated ace + patch to support traits, changed L&F to monokai/sublime, output changed to plain text, removed clippy 9 years ago			`<script src="ace/ace.js"></script>`
			`<script src="ace/theme-monokai.js"></script>`
			`<script src="ace/mode-php.js"></script>`
Replaced some ace files with minified, removed clippy etc code from js file 9 years ago			`<script src="ace/ext-language_tools.js"></script>`
Cleanups 13 years ago			`<script src="php-console.js"></script>`
Removed krumo, updated ace + patch to support traits, changed L&F to monokai/sublime, output changed to plain text, removed clippy 9 years ago
Cleanups 13 years ago			`<script>`
Made tab character(s) configurable (see index.php) 14 years ago			`$.console({`
Removed krumo, updated ace + patch to support traits, changed L&F to monokai/sublime, output changed to plain text, removed clippy 9 years ago			`tabsize: <?= json_encode($options['tabsize']) ?>`
Made tab character(s) configurable (see index.php) 14 years ago			`});`
Initial import 14 years ago			`</script>`
			`</head>`
Script execution is now done via an async js request, preventing die() and exception to mess up the entire console 14 years ago			`<body>`
wrap elements + use flex css 11 years ago			`<div class="console-wrapper">`
			`<div class="input-wrapper">`
Removed krumo, updated ace + patch to support traits, changed L&F to monokai/sublime, output changed to plain text, removed clippy 9 years ago			`<form method="POST" action="" id="mainform">`
wrap elements + use flex css 11 years ago			`<div class="input">`
Removed krumo, updated ace + patch to support traits, changed L&F to monokai/sublime, output changed to plain text, removed clippy 9 years ago			`<textarea class="editor" id="editor" name="code"><?=`
			`(isset($_POST['code']) ? htmlentities($_POST['code'], ENT_QUOTES, 'UTF-8') : "<?php\n\n")`
			`?></textarea>`
wrap elements + use flex css 11 years ago			`</div>`
			`<div class="statusbar">`
			`<span class="position">Line: 1, Column: 1</span>`
			`<span class="runtime-info"></span>`
Removed krumo, updated ace + patch to support traits, changed L&F to monokai/sublime, output changed to plain text, removed clippy 9 years ago			`<input type="submit" name="subm" value="Run!"/>`
wrap elements + use flex css 11 years ago			`</div>`
			`</form>`
			`</div>`
			`<div class="output-wrapper">`
Removed krumo, updated ace + patch to support traits, changed L&F to monokai/sublime, output changed to plain text, removed clippy 9 years ago			`<div class="output"><?= htmlentities($debugOutput) ?></div>`
wrap elements + use flex css 11 years ago			`</div>`
Initial import 14 years ago			`</div>`
			`</body>`
Removed krumo, updated ace + patch to support traits, changed L&F to monokai/sublime, output changed to plain text, removed clippy 9 years ago			`</html>`