4,
// whitelist of IPs
// use '*' to allow any IP
'ip_whitelist' => array('127.0.0.1', '::1'),
// bootstrap file, if defined this file will be included before
// the code entered by the user is evaluated. any variables and classes
// defined here will be accessible by the eval'd code
'bootstrap' => null,
);
if (file_exists(__DIR__.'/config.php')) {
$options = include __DIR__.'/config.php';
$options = array_merge($defaults, $options);
} else {
$options = $defaults;
}
// --- IP Whitelist ---
if (!in_array('*', $options['ip_whitelist'], true) &&
!in_array($_SERVER['REMOTE_ADDR'], $options['ip_whitelist'], true)
) {
header("HTTP/1.0 401 Unauthorized");
die('Access Denied');
}
$debugOutput = '';
if (isset($_POST['code'])) {
ini_set('html_errors', false);
$code = $_POST['code'];
// --- Evaluate the code ---
ob_start();
$memBefore = memory_get_usage(true);
$start = microtime(true);
// Remove the < ?php mark
// TODO remove also ? > if present
$code = preg_replace('{^\s*<\?(php)?\s*}i', '', $code);
/** Run code with bootstrap in separate scope */
function runCode($__source_code, $__bootstrap_file) {
if ($__bootstrap_file) {
require $__bootstrap_file;
}
eval($__source_code);
}
runCode($code, $options['bootstrap']);
$end = microtime(true);
$memAfter = memory_get_peak_usage(true);
$debugOutput .= ob_get_clean();
// ---------------------------
if (isset($_GET['js'])) {
// --- Send response with metadata in headers ---
header('Content-Type: text/plain');
$memory = sprintf('%.3f', ($memAfter - $memBefore) / 1024.0 / 1024.0); // in MB
$rendertime = sprintf('%.3f', (($end - $start) * 1000)); // in ms
header('X-Memory-Usage: '. $memory);
header('X-Rendertime: '. $rendertime);
echo $debugOutput;
die('#end-php-console-output#');
}
}
?>
PHP Sandbox