From: nightcat at poczta dot onet dot pl
Operating system: *
PHP version: 5.0.0b1 (beta1)
PHP Bug Type: Feature/Change Request
Bug description: Way to lock objects/properties/variables for include
Description:
------------
Basicly, everyone who creates CMS at some point want to add modules, or
any other type of space for additional code.
But also we want this code to be signed as "untrusted", because we _are_
afraid about this code (we don't know).
It would be really great to be able to lock some things for include code.
I don't have any clear vision of this, but i'll try to paste example of my
intention.
Reproduce code:
---------------
lock_variables($db->password, $accountPassword);
block_functions(mail, fopen, file);
include_once('module.inc');
unblock_functions(mail, fopen, file);
unlock_variables($db->password, $accountPassword);
Expected result:
----------------
It's only idea.
I'd expect that from inside of this include (and any recursive) there want
be any possiblity to use those functions and modify those variables.
Secondly it would be really _great_, if if functions called from inside of
include could use everything normally. For eg. there won't be any way to
modify DB password (which is property of object $db) but calling
$db->connect would work normally (if it's not blocked by block_functions()
).
Actual result:
--------------
There is really no way in PHP4 to prevent some untrusted parts from do
what they want with whole CMS. In PHP5 i can do it but in very tricky and
dirty way.
--
Edit bug report at http://bugs.php.net/?id=24732&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=24732&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=24732&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=24732&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=24732&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=24732&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=24732&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=24732&r=support
Expected behavior: http://bugs.php.net/fix.php?id=24732&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=24732&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=24732&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=24732&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=24732&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=24732&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=24732&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=24732&r=gnused
